Trojaner oder ähnliches taucht nach löschung unter anderem namen auf

Trantüte · 16.11.2006, 12:16

hallöchen euch trojaner profis

ich weiß nicht ob das auch ok ist aber aus übersichtlichkeitsgründen poste ich mal nur den link zu meinem ausgewerteten HJ Logfile.

wenn euch lieber ist das ich nur den text poste einfach bescheid sagen.

kurze beschreibung noch zum problem:

1. norton antivirus hat bedrohung gemeldet.
2. einige bedrohungen hat er gelöscht und eine nicht
3. nach umbenung der betreffenden datei hat er sie gelöscht.
4. nach erneutem scan (mit und ohne neustart) wurde wieder eine bedrohung gefunden die vorher nicht da war. allerding mit anderem namen als die von vorher
5. bei jedem weiteren löschen der betreffenden datei wurde beim nächsten scan eine neue bedrohung gefunden
6. bei den letzten beiden scans (bevor ichs aufgegeben habe) hab ich mir die anzahl der gescanten dateien notiert. bei scan1=37087 und bei scan2=37090 komisch 3 mehr obwohl eine datei gelöscht wurde. Oder legt windows zwischendurch mal ein paar dateien an? (der scan betraff nur den Windows-ordner)
7. u.a. hießen die gelöschten dateien: addfs.exe, crvd.dll,ieaa.exe usw.
8. ich weiß nicht obs damit zu tun hat aber seit geraumer zeit lässt sich der IE nicht mehr schliessen (also nur noch mit sofort beenden und so)

bevor sich jemand aufregt diese frage habe ich schon mal im pc-welt forum gestellt. dort konnte mir niemand so richtig helfen und mir wurde dieses forum empfohlen dehalb bitte ich jetzt hier um hilfe.

ich würde mich über hilfe sehr freuen.

mfg david

Trantüte · 17.11.2006, 16:25

hi

ist meine problem so schwierig oder liegst daran das ich nur nen link zum hj-log eingefügt habe. wenns am link liegt kann ich auch gerne denn ganzen text posten. einfach bescheid sagen.

mfg david

irrlicht · 17.11.2006, 16:48

Hallo,
eine merkwürdige Definition von Übersichtlichkeit hast du aber schon...
Wäre vielleicht gut ,mal zu schauen wie das alle anderen hier machen...

Zu1: Welche ?
Zu2: Welche ?
Zu3: Welche ?
Zu4: Welche ?
Zu5: Welche ?
Zu6: Das ist eher deiner Maleware zuzuschreiben..
Zu7: Was sagt Google zu den Dateien ?
Zu8: Möglich,der IE möchte vielleicht gerne noch etwas "Werbung von der ungewünschten Sorte" ,bei dir anbringen.
Zu dir : Nenne die Namen der Programme, die wo was gefunden haben und poste ebenfalls die Pfade dazu.Sonst wird das nix
Irrlicht

Trantüte · 20.11.2006, 08:21

hi irrlicht

vielen dank für deine Antwort.

zu1) unter anderem eine der bei punkt 7 genannten dateien ... da der name nach der löschung bei jedem scan anders ist kann ich hier keinen speziellen namen aufführen

zu2) zum name siehe punkt 1. grundsätzlich gilt die .dll dateien wurden automatisch gelöscht die .exe dateien erst nach umbennenung der datei

zu3) zum namen sieh punkt 1. nur die .exe dateien wurden umbenannt

zu4) siehe punkt 1

zu5) siehe punkt 1

zu6) welche der punkte im hj log sind denn die malware und welche kann ich getrost fixen ohne das windows nicht mehr funtioniert?

zu7) da ich ganz schlecht english kann konnte ich nur auf deutschen seiten was verstehen. und auf deutschen seiten waren diese dateinamen auch nur in foren in hj logs zu finden.

zu8) aha und wie werd ich die los ... im hj log zeigt er doch einiges als böse an ... gibts da nix was ich auf jeden fall fixen kann? ich meine das windows danach auch noch läuft.

da die anderen das auch so machen werde ich jetzt meine hj log nochmal so als text posten:

Logfile of HijackThis v1.99.1
Scan saved at 14:08:50, on 15.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\javako.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Telefon\Sony Ericsson\Mobile\audevicemgr.exe
C:\PROGRA~1\Telefon\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\Programme\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Telefon\Sony Ericsson\Mobile\SyncIndicator.exe
C:\Dokumente und Einstellungen\EDITIERT\Eigene Dateien\Meine empfangenen Dateien\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pqmrp.dll/sp.html#53142%
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pqmrp.dll/sp.html#53142%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\pqmrp.dll/sp.html#53142%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pqmrp.dll/sp.html#53142%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pqmrp.dll/sp.html#53142%
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\pqmrp.dll/sp.html#53142%
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=EDITIERT
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0402ED77-6A3E-935E-AC06-95ADD3F1EC13} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1A3AAC53-69B3-F769-1199-284A99589CE9} - (no file)
O2 - BHO: (no name) - {1BA93373-201C-314A-722B-378A24BEFF9F} - (no file)
O2 - BHO: (no name) - {2793A518-B131-6A45-A669-D11F76853A3C} - (no file)
O2 - BHO: (no name) - {2C0FF493-7CFE-EBB6-BFED-F224B4D819A0} - (no file)
O2 - BHO: (no name) - {2FBDF490-35F1-E082-9FC5-FD05BCC228F1} - (no file)
O2 - BHO: (no name) - {40322C23-9CF3-75AE-8139-3B869E307B62} - (no file)
O2 - BHO: (no name) - {5461194A-61A1-5704-8482-92C1C929085D} - (no file)
O2 - BHO: (no name) - {5589D9AB-A0F2-680A-D323-258D1B13015E} - (no file)
O2 - BHO: (no name) - {6469535C-868D-78CB-87BD-9BF74E0AEB7A} - (no file)
O2 - BHO: (no name) - {7DD85366-D791-988B-E591-E8766F46FA72} - (no file)
O2 - BHO: (no name) - {7DE1763D-9059-7FF3-86E3-B3C3C3C429D7} - (no file)
O2 - BHO: (no name) - {B783C736-3A0E-322A-78D2-E65F0094E9D6} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C2B58764-C5C7-1BD4-E562-74CAC3710D50} - (no file)
O2 - BHO: Class - {C649A69E-485D-DD56-6491-4EFEC78FCF50} - C:\WINDOWS\system32\appyh.dll
O2 - BHO: (no name) - {CEAC592B-F6D3-16F9-AF51-E5B628A6E207} - (no file)
O2 - BHO: (no name) - {D536553A-8454-B7B7-A46A-2844AD256394} - (no file)
O2 - BHO: (no name) - {DA3BABA3-5736-6454-A932-76699B3770AC} - (no file)
O2 - BHO: (no name) - {DD35522C-E086-2B5A-7652-36886F75C9C3} - (no file)
O2 - BHO: (no name) - {E45BD794-07C3-1757-F771-7B40593FF30F} - (no file)
O2 - BHO: (no name) - {E7E10A94-7C17-AD1A-49E0-508B29FF9D9B} - (no file)
O2 - BHO: (no name) - {F430E182-FBCC-2A8E-3E7E-3D02B29EFC8B} - (no file)
O2 - BHO: (no name) - {F5155F20-FF52-9C3B-B02B-CF48E85DA740} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [addfs.exe] C:\WINDOWS\system32\addfs.exe
O4 - HKLM\..\Run: [ieaa.exe] C:\WINDOWS\system32\ieaa.exe
O4 - HKLM\..\RunOnce: [javako.exe] C:\WINDOWS\javako.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Telefonverbindungsmonitor.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - c:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=EDITIERT
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117177643765
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37510.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EDITIERT
O17 - HKLM\Software\..\Telephony: DomainName = EDITIERT
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EDITIERT
O18 - Protocol: bw+0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javauy32.exe (file missing)
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe

ich hoffe jetzt ist es einleuchtender

mfg david

**Sunny** · 20.11.2006, 16:59

Hallo.

Dein System ist ganz schön VERSAUT, aber keinerlei Anzeichen für einen BackdoorTrojaner, trotzdem wird die Bereinigung sehr lange dauern.
Deshalb frage ich vorher, hast du ein IMAGE was du einspielen kannst, oder kannst du eine Neuinstallation vornehmen?
Dies würde mit großer Sicherheit schneller gehen, und das Risiko, das alles entferrnt wird wäre auch bei 0%?!

Also überleg es dir, eine (vielleicht!) Tage dauernde Bereinigung, oder 3 Stunden Neuinstallation?

Gruß
Sunny

Trantüte · 21.11.2006, 08:04

hi sunny

recht herzlichen dank für die antwort

ich würde gerne eine bereinigung vornehmen und keine neuinstallation. mir gehts auch darum etwas zu lernen und ein paar erfahrungen in diesem bereich zu sammeln.
also wäre es schön wenn du mir dabei hilfst.

mfg David

Trantüte · 22.11.2006, 12:35

Ist bei euch auch so schönes Wetter wie bei uns?

mfg David

**Sunny** · 22.11.2006, 17:56

Zitat:

Zitat von Trantüte

Ist bei euch auch so schönes Wetter wie bei uns?

Geht so, bei uns ist es dunkel

(weil Nachts ist kälter als draussen

)

So Spaß´bei Seite:

1.) Lade dir folgende Tools
SmitFraudFix und die Killbox

2.) Deaktiviere die Systemwiederherstellung, und starte in den abgesicherten Modus -> so wird es gemacht!

3.) Fixe nun mit HijackThis folgende Einträge im HijackLog:

Zitat:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pqmrp.dll/sp.html#53142%
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pqmrp.dll/sp.html#53142%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\pqmrp.dll/sp.html#53142%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pqmrp.dll/sp.html#53142%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pqmrp.dll/sp.html#53142%
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\pqmrp.dll/sp.html#53142%
O2 - BHO: (no name) - {0402ED77-6A3E-935E-AC06-95ADD3F1EC13} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1A3AAC53-69B3-F769-1199-284A99589CE9} - (no file)
O2 - BHO: (no name) - {1BA93373-201C-314A-722B-378A24BEFF9F} - (no file)
O2 - BHO: (no name) - {2793A518-B131-6A45-A669-D11F76853A3C} - (no file)
O2 - BHO: (no name) - {2C0FF493-7CFE-EBB6-BFED-F224B4D819A0} - (no file)
O2 - BHO: (no name) - {2FBDF490-35F1-E082-9FC5-FD05BCC228F1} - (no file)
O2 - BHO: (no name) - {40322C23-9CF3-75AE-8139-3B869E307B62} - (no file)
O2 - BHO: (no name) - {5461194A-61A1-5704-8482-92C1C929085D} - (no file)
O2 - BHO: (no name) - {5589D9AB-A0F2-680A-D323-258D1B13015E} - (no file)
O2 - BHO: (no name) - {6469535C-868D-78CB-87BD-9BF74E0AEB7A} - (no file)
O2 - BHO: (no name) - {7DD85366-D791-988B-E591-E8766F46FA72} - (no file)
O2 - BHO: (no name) - {7DE1763D-9059-7FF3-86E3-B3C3C3C429D7} - (no file)
O2 - BHO: (no name) - {B783C736-3A0E-322A-78D2-E65F0094E9D6} - (no file)
O2 - BHO: (no name) - {C2B58764-C5C7-1BD4-E562-74CAC3710D50} - (no file)
O2 - BHO: Class - {C649A69E-485D-DD56-6491-4EFEC78FCF50} - C:\WINDOWS\system32\appyh.dll
O2 - BHO: (no name) - {CEAC592B-F6D3-16F9-AF51-E5B628A6E207} - (no file)
O2 - BHO: (no name) - {D536553A-8454-B7B7-A46A-2844AD256394} - (no file)
O2 - BHO: (no name) - {DA3BABA3-5736-6454-A932-76699B3770AC} - (no file)
O2 - BHO: (no name) - {DD35522C-E086-2B5A-7652-36886F75C9C3} - (no file)
O2 - BHO: (no name) - {E45BD794-07C3-1757-F771-7B40593FF30F} - (no file)
O2 - BHO: (no name) - {E7E10A94-7C17-AD1A-49E0-508B29FF9D9B} - (no file)
O2 - BHO: (no name) - {F430E182-FBCC-2A8E-3E7E-3D02B29EFC8B} - (no file)
O2 - BHO: (no name) - {F5155F20-FF52-9C3B-B02B-CF48E85DA740} - (no file)
O4 - HKLM\..\Run: [addfs.exe] C:\WINDOWS\system32\addfs.exe
O4 - HKLM\..\Run: [ieaa.exe] C:\WINDOWS\system32\ieaa.exe
O4 - HKLM\..\RunOnce: [javako.exe] C:\WINDOWS\javako.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javauy32.exe (file missing)

4.) Starte nun die Killbox, klicke auf -> "Option delete on reboot"
Suche nun nacheinander folgende Dateien:
(sofern vorhanden!)

Zitat:

C:\WINDOWS\javako.exe
C:\WINDOWS\system32\pqmrp.dll
C:\WINDOWS\system32\appyh.dll
C:\WINDOWS\system32\addfs.exe
C:\WINDOWS\system32\ieaa.exe
C:\WINDOWS\system32\javauy32.exe

Du wirst nach jeder gefundenen Dateu gefragt ob du das System neu starten willst, tu dies erst wenn du die letzte Datei eingegeben hast.

5.) Starte nun das Tool -> SmitFraudFix, starte es mit der Option "2", poste im Anschluss dern Inhalt der erstellten Report.txt.

6.) Starte den Rechner neu, und erstell ein eScan-Log mit Hilfe der "find.bat" sowie ein neues Hijacklog.

Gruß
Sunny

Trantüte · 23.11.2006, 13:38

hi sunny

danke für die weitere mühe

hier die logs:

smitfraud:

SmitFraudFix v2.123
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

eScan:

Thu Nov 23 11:02:23 2006 => ERROR!!! Invalid Entry mmtask = c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Thu Nov 23 11:02:24 2006 => ERROR!!! Invalid Entry C:\WINDOWS\system32\javauy32.exe /s in SYSTEM\CurrentControlSet\Services\ 11Fßä#·ºÄÖ`I...
Thu Nov 23 11:02:31 2006 => ERROR!!! Invalid Entry "C:\WINDOWS\TEMP\16.tmp" in SYSTEM\CurrentControlSet\Services\VLo...

Thu Nov 23 11:02:32 2006 => ***** Scanning Registry and File system for Adware/Spyware *****
Thu Nov 23 11:02:32 2006 => Loading Spyware Signatures from new External Database (Size: 187030).
Thu Nov 23 11:02:32 2006 => Indexed Spyware Databases Successfully Created...

Thu Nov 23 11:02:44 2006 => System found infected with smartfinder Spyware/Adware ({4a7621f7-51a8-8816-226b-81ee72e669cf})! Action taken: No Action Taken.
Thu Nov 23 11:02:44 2006 => System found infected with cws.homesearch Browser Hijacker ({676575dd-4d46-911d-8037-9b10d6ee8bb5})! Action taken: No Action Taken.
Thu Nov 23 11:02:44 2006 => System found infected with emedia codec Browser Hijacker ({6bf52a52-394a-11d3-b153-00c04f79faa6})! Action taken: No Action Taken.
Thu Nov 23 11:02:44 2006 => System found infected with cws.homesearch Browser Hijacker ({6f52aa3b-3e87-c242-6ec0-23373b9c1426})! Action taken: No Action Taken.
Thu Nov 23 11:02:44 2006 => System found infected with smartfinder Spyware/Adware ({8f5f3fdd-ca3c-1e88-3714-ee2cc672a96f})! Action taken: No Action Taken.
Thu Nov 23 11:02:44 2006 => System found infected with cws.homesearch Browser Hijacker ({fe19e36e-3b14-cad0-144a-27b795bb4982})! Action taken: No Action Taken.
Thu Nov 23 11:02:44 2006 => System found infected with emedia codec Browser Hijacker ({6bf52a52-394a-11d3-b153-00c04f79faa6})! Action taken: No Action Taken.
Thu Nov 23 11:02:46 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hsa !!!
Thu Nov 23 11:02:46 2006 => Object "hsa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Thu Nov 23 11:02:46 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sw !!!
Thu Nov 23 11:02:46 2006 => Object "sw Spyware/Adware" found in File System! Action Taken: No Action Taken.
Thu Nov 23 11:02:46 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\hsa !!!
Thu Nov 23 11:02:46 2006 => Object "hsa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Thu Nov 23 11:02:46 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\sw !!!
Thu Nov 23 11:02:46 2006 => Object "sw Spyware/Adware" found in File System! Action Taken: No Action Taken.
Thu Nov 23 11:02:48 2006 => Offending file found: C:\WINDOWS\iebs.exe
Thu Nov 23 11:02:48 2006 => System found infected with mendware Spyware/Adware (iebs.exe)! Action taken: No Action Taken.
Thu Nov 23 11:02:49 2006 => Offending file found: C:\WINDOWS\system32\crqf32.exe
Thu Nov 23 11:02:49 2006 => System found infected with coolw**search.smartsearch Browser Hijacker (crqf32.exe)! Action taken: No Action Taken.
Thu Nov 23 11:02:49 2006 => Offending file found: C:\WINDOWS\system32\winad.exe
Thu Nov 23 11:02:49 2006 => System found infected with winad Spyware/Adware (winad.exe)! Action taken: No Action Taken.
Thu Nov 23 11:02:49 2006 => Offending file found: C:\Dokumente und Einstellungen\editiert.editiert\Favoriten\only sex website.url
Thu Nov 23 11:02:49 2006 => System found infected with smartfinder Spyware/Adware (only sex website.url)! Action taken: No Action Taken.
Thu Nov 23 11:02:49 2006 => Offending file found: C:\Dokumente und Einstellungen\editiert.editiert\Favoriten\search the web.url
Thu Nov 23 11:02:49 2006 => System found infected with smartfinder Spyware/Adware (search the web.url)! Action taken: No Action Taken.
Thu Nov 23 11:02:49 2006 => Offending file found: C:\Dokumente und Einstellungen\editiert.editiert\Favoriten\seven days of free porn.url
Thu Nov 23 11:02:49 2006 => System found infected with smartfinder Spyware/Adware (seven days of free porn.url)! Action taken: No Action Taken.
Thu Nov 23 11:02:49 2006 => Offending Folder found: C:\Dokumente und Einstellungen\editiert.editiert\Favoriten\sites about
Thu Nov 23 11:02:49 2006 => Object "smartfinder Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Nov 23 11:02:56 2006 => Checking CLSID Reference Entries...
Thu Nov 23 11:02:56 2006 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Thu Nov 23 11:02:56 2006 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Thu Nov 23 11:02:57 2006 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Thu Nov 23 11:02:57 2006 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Thu Nov 23 11:02:57 2006 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Thu Nov 23 11:02:58 2006 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Thu Nov 23 11:02:59 2006 => Checking Module Usage Entries...
Thu Nov 23 11:02:59 2006 => Checking User Trusted External App Entries...
Thu Nov 23 11:02:59 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\PROGRA~1\WINDOW~2\wmplayer.exe"". Action Taken: No Action Taken.
Thu Nov 23 11:02:59 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\PROGRA~1\WINDOW~2\wmplayer.exe". Action Taken: No Action Taken.
Thu Nov 23 11:02:59 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Programme\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\PrvCnt.exe". Action Taken: No Action Taken.
Thu Nov 23 11:02:59 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Programme\Logitech\Desktop Messenger\8876480\7.2.0.157-8876480SL\Program\PrvCnt.exe". Action Taken: No Action Taken.
Thu Nov 23 11:02:59 2006 => Checking Shared DLL Entries...
Thu Nov 23 11:03:00 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.
Thu Nov 23 11:03:00 2006 => Checking Installer Entries...
Thu Nov 23 11:03:00 2006 => Checking Shared Tools Entries...
Thu Nov 23 11:03:00 2006 => Checking File Extension Entries...
Thu Nov 23 11:03:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".doch". Action Taken: No Action Taken.
Thu Nov 23 11:03:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iaf". Action Taken: No Action Taken.
Thu Nov 23 11:03:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".OLB". Action Taken: No Action Taken.
Thu Nov 23 11:03:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".old". Action Taken: No Action Taken.
Thu Nov 23 11:03:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rpt". Action Taken: No Action Taken.
Thu Nov 23 11:03:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".txp". Action Taken: No Action Taken.
Thu Nov 23 11:03:00 2006 => Checking Application Cache Entries...
Thu Nov 23 11:03:00 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "World of Warcraft". Action Taken: No Action Taken.
Thu Nov 23 11:03:00 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4540F576-8F15-416C-8F53-03B8E8C3941C}". Action Taken: No Action Taken.

Thu Nov 23 11:03:00 2006 => ***** Scanning All Drives *****
Thu Nov 23 11:03:00 2006 => Scanning C:\ Drive
Thu Nov 23 11:03:00 2006 => Scanning Folder: C:\*.*
Thu Nov 23 11:03:00 2006 => Scanning Folder: C:\!KillBox\*.*
Thu Nov 23 11:03:00 2006 => Scanning File C:\!KillBox\appyh.exe [**]
Thu Nov 23 11:03:00 2006 => Scanning File C:\!KillBox\appyh.exe( 3) [**]
Thu Nov 23 11:03:00 2006 => Scanning File C:\!KillBox\javako.exe
Thu Nov 23 11:03:01 2006 => File C:\!KillBox\javako.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Thu Nov 23 11:03:01 2006 => Scanning File C:\!KillBox\javako.exe( 1)
Thu Nov 23 11:03:01 2006 => File C:\!KillBox\javako.exe( 1) infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Thu Nov 23 11:03:19 2006 => ERROR!!! ScanFile fails for C:\DOKUME~1\ALLUSE~1\ANWEND~1\MICROS~1\DRWATS~1\user.dmp
Thu Nov 23 11:03:28 2006 => File C:\Dokumente und Einstellungen\All Users\Dokumente\mirc\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Thu Nov 23 11:03:44 2006 => ERROR!!! ScanFile fails for C:\DOKUME~1\LOCALS~1\LOKALE~1\ANWEND~1\MICROS~1\Windows\UsrClass.dat
Thu Nov 23 11:03:44 2006 => ERROR!!! ScanFile fails for C:\DOKUME~1\LOCALS~1\LOKALE~1\ANWEND~1\MICROS~1\Windows\USRCLA~1.LOG
Thu Nov 23 11:03:44 2006 => ERROR!!! ScanFile fails for C:\DOKUME~1\LOCALS~1\NTUSER.DAT
Thu Nov 23 11:03:44 2006 => ERROR!!! ScanFile fails for C:\DOKUME~1\LOCALS~1\NTUSER~1.LOG
Thu Nov 23 11:04:12 2006 => ERROR!!! ScanFile fails for C:\DOKUME~1\NETWOR~1\LOKALE~1\ANWEND~1\MICROS~1\Windows\UsrClass.dat
Thu Nov 23 11:04:12 2006 => ERROR!!! ScanFile fails for C:\DOKUME~1\NETWOR~1\LOKALE~1\ANWEND~1\MICROS~1\Windows\USRCLA~1.LOG
Thu Nov 23 11:04:14 2006 => ERROR!!! ScanFile fails for C:\DOKUME~1\NETWOR~1\NTUSER.DAT
Thu Nov 23 11:04:14 2006 => ERROR!!! ScanFile fails for C:\DOKUME~1\NETWOR~1\NTUSER~1.LOG
Thu Nov 23 11:04:32 2006 => File C:\Dokumente und Einstellungen\editiert.editiert\Eigene Dateien\Meine empfangenen Dateien\hijackthis\backups\backup-20061123-084410-595.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Thu Nov 23 11:04:34 2006 => File C:\Dokumente und Einstellungen\editiert.editiert\Eigene Dateien\Meine empfangenen Dateien\SmitfraudFix\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Thu Nov 23 11:04:36 2006 => File C:\Dokumente und Einstellungen\editiert.editiert\Eigene Dateien\Meine empfangenen Dateien\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Thu Nov 23 11:05:27 2006 => ERROR!!! ScanFile fails for C:\DOKUME~1\editiert.editiert\LOKALE~1\ANWEND~1\MICROS~1\Windows\UsrClass.dat
Thu Nov 23 11:05:27 2006 => ERROR!!! ScanFile fails for C:\DOKUME~1\editiert.editiert\LOKALE~1\ANWEND~1\MICROS~1\Windows\USRCLA~1.LOG
Thu Nov 23 11:05:30 2006 => ERROR!!! ScanFile fails for C:\DOKUME~1\editiert.editiert\ntuser.dat
Thu Nov 23 11:05:30 2006 => ERROR!!! ScanFile fails for C:\DOKUME~1\editiert.editiert\NTUSER~1.LOG
Thu Nov 23 11:11:34 2006 => ERROR!!! ScanFile fails for C:\pagefile.sys
Thu Nov 23 11:13:42 2006 => Result: ERROR!!! File C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask: Scanning Failure!!!
Thu Nov 23 11:13:42 2006 => ERROR!!! ScanFile fails for C:\PROGRA~1\Lavasoft\AD-AWA~1\Skins\AD-AWA~1.ASK

Thu Nov 23 11:44:23 2006 => Scanning File C:\Windows\system32\config\default
Thu Nov 23 11:44:23 2006 => ERROR!!! ScanFile fails for C:\Windows\system32\config\default
Thu Nov 23 11:44:23 2006 => Scanning File C:\Windows\system32\config\DEFAULT.LOG
Thu Nov 23 11:44:23 2006 => ERROR!!! ScanFile fails for C:\Windows\system32\config\DEFAULT.LOG
Thu Nov 23 11:44:23 2006 => Scanning File C:\Windows\system32\config\netlogon.ftl
Thu Nov 23 11:44:23 2006 => Scanning File C:\Windows\system32\config\SAM
Thu Nov 23 11:44:23 2006 => ERROR!!! ScanFile fails for C:\Windows\system32\config\SAM
Thu Nov 23 11:44:23 2006 => Scanning File C:\Windows\system32\config\SAM.LOG
Thu Nov 23 11:44:23 2006 => ERROR!!! ScanFile fails for C:\Windows\system32\config\SAM.LOG
Thu Nov 23 11:44:23 2006 => Scanning File C:\Windows\system32\config\SecEvent.Evt
Thu Nov 23 11:44:23 2006 => Scanning File C:\Windows\system32\config\SECURITY
Thu Nov 23 11:44:23 2006 => ERROR!!! ScanFile fails for C:\Windows\system32\config\SECURITY
Thu Nov 23 11:44:23 2006 => Scanning File C:\Windows\system32\config\SECURITY.LOG
Thu Nov 23 11:44:23 2006 => ERROR!!! ScanFile fails for C:\Windows\system32\config\SECURITY.LOG
Thu Nov 23 11:44:23 2006 => Scanning File C:\Windows\system32\config\software
Thu Nov 23 11:44:23 2006 => ERROR!!! ScanFile fails for C:\Windows\system32\config\software
Thu Nov 23 11:44:23 2006 => Scanning File C:\Windows\system32\config\Software.LOG
Thu Nov 23 11:44:23 2006 => ERROR!!! ScanFile fails for C:\Windows\system32\config\Software.LOG
Thu Nov 23 11:44:23 2006 => Scanning File C:\Windows\system32\config\SysEvent.Evt
Thu Nov 23 11:44:23 2006 => Scanning File C:\Windows\system32\config\system
Thu Nov 23 11:44:23 2006 => ERROR!!! ScanFile fails for C:\Windows\system32\config\system
Thu Nov 23 11:44:23 2006 => Scanning File C:\Windows\system32\config\SYSTEM.LOG
Thu Nov 23 11:44:23 2006 => ERROR!!! ScanFile fails for C:\Windows\system32\config\SYSTEM.LOG

Thu Nov 23 11:46:00 2006 => Scanning File C:\Windows\Temp\lixp1.exe
Thu Nov 23 11:46:01 2006 => File C:\Windows\Temp\lixp1.exe infected by "Trojan-Downloader.Win32.Agent.akq" Virus! Action Taken: No Action Taken.

Thu Nov 23 11:46:05 2006 => ***** Checking for specific ITW Viruses *****
Thu Nov 23 11:46:05 2006 => Checking for Welchia Virus...
Thu Nov 23 11:46:05 2006 => Checking for LovGate Virus...
Thu Nov 23 11:46:05 2006 => Checking for CodeRed Virus...
Thu Nov 23 11:46:05 2006 => Checking for OpaServ Virus...
Thu Nov 23 11:46:05 2006 => Checking for Sobig.e Virus...
Thu Nov 23 11:46:05 2006 => Checking for Winupie Virus...
Thu Nov 23 11:46:05 2006 => Checking for Swen Virus...
Thu Nov 23 11:46:05 2006 => Checking for JS.Fortnight Virus...
Thu Nov 23 11:46:06 2006 => Checking for Novarg Virus...
Thu Nov 23 11:46:06 2006 => Checking for Pagabot Virus...
Thu Nov 23 11:46:06 2006 => Checking for Parite.b Virus...
Thu Nov 23 11:46:06 2006 => Checking for Parite.a Virus...
Thu Nov 23 11:46:06 2006 => Checking for Adware.SeekSeek Virus...

Thu Nov 23 11:46:06 2006 => ***** Scanning complete. *****

Thu Nov 23 11:46:06 2006 => Total Objects Scanned: 59589
Thu Nov 23 11:46:06 2006 => Total Critical Objects: 2873
Thu Nov 23 11:46:06 2006 => Total Disinfected Objects: 0
Thu Nov 23 11:46:06 2006 => Total Objects Renamed: 0
Thu Nov 23 11:46:06 2006 => Total Deleted Objects: 0
Thu Nov 23 11:46:06 2006 => Total Errors: 23
Thu Nov 23 11:46:06 2006 => Time Elapsed: 00:43:57
Thu Nov 23 11:46:06 2006 => Virus Database Date: 11/23/2006
Thu Nov 23 11:46:06 2006 => Virus Database Count: 244223

Thu Nov 23 11:46:06 2006 => Scan Completed.

das eScan log war so gigantisch das ich einiges weggelöscht habe zum beispiel wo nur scanning sowieso stand und ettliche funde im quarantine ordner vom virenprogramm. wenn dich das ganze log interessiert kann ichs versuchen zu posten aber es ist über 5 MB groß und ich glaube nicht das das hier rein passt. sag einfach bescheid was du gern hättest.

bei smitfraud waren soviele ausführbare dateien ich hoffe mal das ich da die richtige angeklickt habe. beim ausführen von smitfraud hat sich 2 oder 3 mal das virenprogramm gemeldet und gesagt gefährliches script computer wurde angehalten etc. ist das normal?

beim dateien mit killbox durchgehen ist mir aufgefallen das im windowsordner und im system32 ordner haufenweise dateien sind die so ähnlich wie die bedrohungen heißen als viele beginnen mit add***.exe oder java***.exe könnte mir vorstellen das die mit zu dem bösen dazu gehören.

das hjlog folgt im nächsten fenster (25000 zeichen überschritten).

schon mal danke im voraus

mfg david

Trantüte · 23.11.2006, 13:41

hi hier das hjLog

Logfile of HijackThis v1.99.1
Scan saved at 09:15:03, on 23.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Telefon\Sony Ericsson\Mobile\audevicemgr.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\Telefon\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\Programme\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\editiert.editiert\Eigene Dateien\Meine empfangenen Dateien\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = editiert
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0402ED77-6A3E-935E-AC06-95ADD3F1EC13} - (no file)
O2 - BHO: (no name) - {1A3AAC53-69B3-F769-1199-284A99589CE9} - (no file)
O2 - BHO: (no name) - {1BA93373-201C-314A-722B-378A24BEFF9F} - (no file)
O2 - BHO: (no name) - {2793A518-B131-6A45-A669-D11F76853A3C} - (no file)
O2 - BHO: (no name) - {2C0FF493-7CFE-EBB6-BFED-F224B4D819A0} - (no file)
O2 - BHO: (no name) - {2FBDF490-35F1-E082-9FC5-FD05BCC228F1} - (no file)
O2 - BHO: (no name) - {40322C23-9CF3-75AE-8139-3B869E307B62} - (no file)
O2 - BHO: (no name) - {5461194A-61A1-5704-8482-92C1C929085D} - (no file)
O2 - BHO: (no name) - {5589D9AB-A0F2-680A-D323-258D1B13015E} - (no file)
O2 - BHO: (no name) - {6469535C-868D-78CB-87BD-9BF74E0AEB7A} - (no file)
O2 - BHO: (no name) - {7DD85366-D791-988B-E591-E8766F46FA72} - (no file)
O2 - BHO: (no name) - {7DE1763D-9059-7FF3-86E3-B3C3C3C429D7} - (no file)
O2 - BHO: (no name) - {B783C736-3A0E-322A-78D2-E65F0094E9D6} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C2B58764-C5C7-1BD4-E562-74CAC3710D50} - (no file)
O2 - BHO: (no name) - {C649A69E-485D-DD56-6491-4EFEC78FCF50} - (no file)
O2 - BHO: (no name) - {CEAC592B-F6D3-16F9-AF51-E5B628A6E207} - (no file)
O2 - BHO: (no name) - {D536553A-8454-B7B7-A46A-2844AD256394} - (no file)
O2 - BHO: (no name) - {DA3BABA3-5736-6454-A932-76699B3770AC} - (no file)
O2 - BHO: (no name) - {DD35522C-E086-2B5A-7652-36886F75C9C3} - (no file)
O2 - BHO: (no name) - {E45BD794-07C3-1757-F771-7B40593FF30F} - (no file)
O2 - BHO: (no name) - {E7E10A94-7C17-AD1A-49E0-508B29FF9D9B} - (no file)
O2 - BHO: (no name) - {F430E182-FBCC-2A8E-3E7E-3D02B29EFC8B} - (no file)
O2 - BHO: (no name) - {F5155F20-FF52-9C3B-B02B-CF48E85DA740} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Telefonverbindungsmonitor.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - c:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://192.10.1.47:3128/ken.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117177643765
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37510.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = editiert.local
O17 - HKLM\Software\..\Telephony: DomainName = editiert.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = editiert.local
O18 - Protocol: bw+0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javauy32.exe (file missing)
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe

einige einträge die du mir gesagt hast hab ich gefixt aber sie sind dennoch wieder aufgetaucht wie du sehen wirst.

mfg david

**Sunny** · 23.11.2006, 16:13

Zitat:

Zitat von Trantüte

das eScan log war so gigantisch das ich einiges weggelöscht habe

Du hast die Anleitung zu eScan nicht richtig gelesen, es gibt die sogenannte "find.bat", diese hätte nur das angezeigt was ich sehen wollte. Aber egal

Zitat:

bei smitfraud waren soviele ausführbare dateien ich hoffe mal das ich da die richtige angeklickt habe. beim ausführen von smitfraud hat sich 2 oder 3 mal das virenprogramm gemeldet und gesagt gefährliches script computer wurde angehalten etc. ist das normal?

Eigentlich ist das "normal", da SmitfraudFix auch aktive Prozesse stoppt, und das widerum ist ein Grund das dein AV-Scanner "Alarm" schlägt.
Deaktiviere deinen AV-Scanner das nächste mal.

Zitat:

beim dateien mit killbox durchgehen ist mir aufgefallen das im windowsordner und im system32 ordner haufenweise dateien sind die so ähnlich wie die bedrohungen heißen als viele beginnen mit add***.exe oder java***.exe könnte mir vorstellen das die mit zu dem bösen dazu gehören.

Genauso ist es!

Also, tu bitte folgendes:

1.) Lade dir nun folgende Tools -> Ad-Aware und Spybot S&D
Installiere beide und starte sie, lass sie beide mehrmals durchlaufen!
Starte nochmals SmitfraudFix (bitte den AV-Scanner deaktivieren!)

2.) Fixe nun mit HijackThis nochmals folgende Einträge:

Zitat:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0402ED77-6A3E-935E-AC06-95ADD3F1EC13} - (no file)
O2 - BHO: (no name) - {1A3AAC53-69B3-F769-1199-284A99589CE9} - (no file)
O2 - BHO: (no name) - {1BA93373-201C-314A-722B-378A24BEFF9F} - (no file)
O2 - BHO: (no name) - {2793A518-B131-6A45-A669-D11F76853A3C} - (no file)
O2 - BHO: (no name) - {2C0FF493-7CFE-EBB6-BFED-F224B4D819A0} - (no file)
O2 - BHO: (no name) - {2FBDF490-35F1-E082-9FC5-FD05BCC228F1} - (no file)
O2 - BHO: (no name) - {40322C23-9CF3-75AE-8139-3B869E307B62} - (no file)
O2 - BHO: (no name) - {5461194A-61A1-5704-8482-92C1C929085D} - (no file)
O2 - BHO: (no name) - {5589D9AB-A0F2-680A-D323-258D1B13015E} - (no file)
O2 - BHO: (no name) - {6469535C-868D-78CB-87BD-9BF74E0AEB7A} - (no file)
O2 - BHO: (no name) - {7DD85366-D791-988B-E591-E8766F46FA72} - (no file)
O2 - BHO: (no name) - {7DE1763D-9059-7FF3-86E3-B3C3C3C429D7} - (no file)
O2 - BHO: (no name) - {B783C736-3A0E-322A-78D2-E65F0094E9D6} - (no file)
O2 - BHO: (no name) - {C2B58764-C5C7-1BD4-E562-74CAC3710D50} - (no file)
O2 - BHO: (no name) - {C649A69E-485D-DD56-6491-4EFEC78FCF50} - (no file)
O2 - BHO: (no name) - {CEAC592B-F6D3-16F9-AF51-E5B628A6E207} - (no file)
O2 - BHO: (no name) - {D536553A-8454-B7B7-A46A-2844AD256394} - (no file)
O2 - BHO: (no name) - {DA3BABA3-5736-6454-A932-76699B3770AC} - (no file)
O2 - BHO: (no name) - {DD35522C-E086-2B5A-7652-36886F75C9C3} - (no file)
O2 - BHO: (no name) - {E45BD794-07C3-1757-F771-7B40593FF30F} - (no file)
O2 - BHO: (no name) - {E7E10A94-7C17-AD1A-49E0-508B29FF9D9B} - (no file)
O2 - BHO: (no name) - {F430E182-FBCC-2A8E-3E7E-3D02B29EFC8B} - (no file)
O2 - BHO: (no name) - {F5155F20-FF52-9C3B-B02B-CF48E85DA740} - (no file)
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javauy32.exe (file missing)

3.) Starte danach nochmals den eScan, lies diesesmal bitte die Anleitung richtig

, Poste dann mit Hilfe der "find.bat" das Ergebnis des Scans.
Achja, und nochmals ein neues Hijacklog.

Wie gesagt, das System ist ziemlich vermüllt, ob wir alles herausbekommen bleibt noch ungewiss, aber ein Versuch ist es mir wert!

Gruß
Sunny

Trantüte · 27.11.2006, 09:20

hi sunny

danke für die weitere hilfe

ich habe es diesmal auch mit der find.bat gemacht. hier die ergebnisse:

SmitFraud:

SmitFraudFix v2.123

Scan done at 15:35:07,95, 24.11.2006
Run from C:\Dokumente und Einstellungen\Schuck.BKW\Eigene Dateien\Meine empfangenen Dateien\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

HiJack: (habe die Einträge gefixt ... sind aber immer noch da

)

Logfile of HijackThis v1.99.1
Scan saved at 09:16:15, on 27.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Telefon\Sony Ericsson\Mobile\audevicemgr.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\Telefon\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\Programme\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Telefon\Sony Ericsson\Mobile\SyncIndicator.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Dokumente und Einstellungen\editiert.editiert\Eigene Dateien\Meine empfangenen Dateien\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=editiert;http=editiert;https=editiert;socks=192.10.1.47:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {0402ED77-6A3E-935E-AC06-95ADD3F1EC13} - (no file)
O2 - BHO: (no name) - {1A3AAC53-69B3-F769-1199-284A99589CE9} - (no file)
O2 - BHO: (no name) - {1BA93373-201C-314A-722B-378A24BEFF9F} - (no file)
O2 - BHO: (no name) - {2793A518-B131-6A45-A669-D11F76853A3C} - (no file)
O2 - BHO: (no name) - {2C0FF493-7CFE-EBB6-BFED-F224B4D819A0} - (no file)
O2 - BHO: (no name) - {2FBDF490-35F1-E082-9FC5-FD05BCC228F1} - (no file)
O2 - BHO: (no name) - {40322C23-9CF3-75AE-8139-3B869E307B62} - (no file)
O2 - BHO: (no name) - {5461194A-61A1-5704-8482-92C1C929085D} - (no file)
O2 - BHO: (no name) - {5589D9AB-A0F2-680A-D323-258D1B13015E} - (no file)
O2 - BHO: (no name) - {6469535C-868D-78CB-87BD-9BF74E0AEB7A} - (no file)
O2 - BHO: (no name) - {7DD85366-D791-988B-E591-E8766F46FA72} - (no file)
O2 - BHO: (no name) - {7DE1763D-9059-7FF3-86E3-B3C3C3C429D7} - (no file)
O2 - BHO: (no name) - {B783C736-3A0E-322A-78D2-E65F0094E9D6} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C2B58764-C5C7-1BD4-E562-74CAC3710D50} - (no file)
O2 - BHO: (no name) - {C649A69E-485D-DD56-6491-4EFEC78FCF50} - (no file)
O2 - BHO: (no name) - {CEAC592B-F6D3-16F9-AF51-E5B628A6E207} - (no file)
O2 - BHO: (no name) - {D536553A-8454-B7B7-A46A-2844AD256394} - (no file)
O2 - BHO: (no name) - {DA3BABA3-5736-6454-A932-76699B3770AC} - (no file)
O2 - BHO: (no name) - {DD35522C-E086-2B5A-7652-36886F75C9C3} - (no file)
O2 - BHO: (no name) - {E45BD794-07C3-1757-F771-7B40593FF30F} - (no file)
O2 - BHO: (no name) - {E7E10A94-7C17-AD1A-49E0-508B29FF9D9B} - (no file)
O2 - BHO: (no name) - {F430E182-FBCC-2A8E-3E7E-3D02B29EFC8B} - (no file)
O2 - BHO: (no name) - {F5155F20-FF52-9C3B-B02B-CF48E85DA740} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - c:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://editiert/ken.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117177643765
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37510.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = editiert.local
O17 - HKLM\Software\..\Telephony: DomainName = editiert.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = editiert.local
O18 - Protocol: bw+0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F35E856A-4FB7-4149-BA56-6617966BA6EC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe

eScan: (da die datei immer noch sehr gigantisch war habe ich die funde im quarantäne ordner von norton rausgelöscht) (hab leider noch nicht rausgefunden wie man den quarantäne ordner leert *schäm*)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Nov 24 15:48:29 2006 => System found infected with smartfinder Spyware/Adware ({4a7621f7-51a8-8816-226b-81ee72e669cf})! Action taken: No Action Taken.
Fri Nov 24 15:48:29 2006 => System found infected with cws.homesearch Browser Hijacker ({6f52aa3b-3e87-c242-6ec0-23373b9c1426})! Action taken: No Action Taken.
Fri Nov 24 15:48:29 2006 => System found infected with smartfinder Spyware/Adware ({8f5f3fdd-ca3c-1e88-3714-ee2cc672a96f})! Action taken: No Action Taken.
Fri Nov 24 15:48:29 2006 => System found infected with cws.homesearch Browser Hijacker ({fe19e36e-3b14-cad0-144a-27b795bb4982})! Action taken: No Action Taken.
Fri Nov 24 15:48:29 2006 => System found infected with emedia codec Browser Hijacker ({6bf52a52-394a-11d3-b153-00c04f79faa6})! Action taken: No Action Taken.
Fri Nov 24 15:48:32 2006 => System found infected with mendware Spyware/Adware (iebs.exe)! Action taken: No Action Taken.
Fri Nov 24 15:48:32 2006 => System found infected with coolwwwsearch.smartsearch Browser Hijacker (crqf32.exe)! Action taken: No Action Taken.
Fri Nov 24 15:48:33 2006 => System found infected with winad Spyware/Adware (winad.exe)! Action taken: No Action Taken.
Fri Nov 24 15:48:31 2006 => Object "hsa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Nov 24 15:48:31 2006 => Object "sw Spyware/Adware" found in File System! Action Taken: No Action Taken.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
Fri Nov 24 15:48:41 2006 => File C:\!KillBox\javako.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Nov 24 15:48:41 2006 => File C:\!KillBox\javako.exe( 1) infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Nov 24 15:50:13 2006 => File C:\Dokumente und Einstellungen\Schuck.BKW\Eigene Dateien\Meine empfangenen Dateien\hijackthis\backups\backup-20061123-084410-595.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Nov 24 16:31:18 2006 => File C:\Windows\Temp\lixp1.exe infected by "Trojan-Downloader.Win32.Agent.akq" Virus! Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Fri Nov 24 15:48:32 2006 => Offending file found: C:\WINDOWS\iebs.exe
Fri Nov 24 15:48:32 2006 => Offending file found: C:\WINDOWS\system32\crqf32.exe
Fri Nov 24 15:48:33 2006 => Offending file found: C:\WINDOWS\system32\winad.exe
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
Fri Nov 24 15:49:10 2006 => File C:\Dokumente und Einstellungen\All Users\Dokumente\mirc\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Fri Nov 24 15:50:16 2006 => File C:\Dokumente und Einstellungen\Schuck.BKW\Eigene Dateien\Meine empfangenen Dateien\SmitfraudFix\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Fri Nov 24 15:50:17 2006 => File C:\Dokumente und Einstellungen\Schuck.BKW\Eigene Dateien\Meine empfangenen Dateien\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Fri Nov 24 15:48:31 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hsa !!!
Fri Nov 24 15:48:31 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sw !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Nov 24 16:31:23 2006 => Total Errors: 71
Fri Nov 24 16:31:23 2006 => Time Elapsed: 00:43:12
Fri Nov 24 16:31:23 2006 => Total Objects Scanned: 59748
Fri Nov 24 15:47:54 2006 => Virus Database Date: 11/23/2006
Fri Nov 24 16:31:23 2006 => Virus Database Date: 11/23/2006
Fri Nov 24 16:31:35 2006 => Virus Database Date: 11/23/2006
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

vielen dank schon mal im voraus

mfg david

Trantüte · 28.11.2006, 11:39

*Haaaaaaatschi*

Trantüte · 29.11.2006, 08:05

*mir selbst gesundheit wünsch*

Trantüte · 01.12.2006, 08:40

schieb den Thread, schieb den Thread, schieb den Thread zurück nach oben .... lalalala

Trojaner oder ähnliches taucht nach löschung unter anderem namen auf

Log-Analyse und Auswertung: Trojaner oder ähnliches taucht nach löschung unter anderem namen auf