Log analysis and evaluation: My Computer opens by itself!
30.05.2007, 16:37 | #1 |
Can someone take a look at this? My Computer keeps opening by itself! Thanks for the effort.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:25:16, on 30.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inethelp.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
C:\Programme\PurgeIE\PurgeIE_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Gemeinsame Dateien\DriveCleaner 2006 Free\sdrmon.exe
C:\WINDOWS\system32\fxredir.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\Versatel\Versatel.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\SPYWAREfighter\spftray.exe
C:\Programme\SPYWAREfighter\spfprc.exe
C:\Programme\SPYWAREfighter\SPYWAREfighter.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\******\Eigene Dateien\Eigene Bilder\astra\HiJackThis_v2\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w*w.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w*w.versatel.de/internet-cd/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Versatel
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SDR6U_Check] "C:\Programme\Gemeinsame Dateien\DriveCleaner 2006 Free\sdrmon.exe"
O4 - HKLM\..\Run: [monitr32] C:\Programme\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\system32\fxredir.exe
O4 - HKLM\..\Run: [MPTBox] C:\Programme\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programme\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Startup: Registration .LNK = C:\Programme\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\support\Register\Reg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - h**p://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - h**p://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - h**p://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - h**p://******.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - h**p://office.dogcam.smalldog.com/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - h**p://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - **tp://support.packardbell.com/files/activex/InfosFinder2.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - h**p://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B19D9B5-24DC-40EF-B691-7990F34AAEDC}: NameServer = 89.246.64.8 62.220.18.8
O20 - Winlogon Notify: inethelp - C:\WINDOWS\SYSTEM32\inethelp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallDriver Table Manager (inethelp) - Unknown owner - C:\WINDOWS\system32\inethelp.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: IP Pakete Überwachen und Aufzeichnen (IPPackwatch1) - Profiler3D - C:\Programme\Profiler3D\Scannet 3.9\IPPWatch.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: MpService - Canon Inc - C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Dokumente und Einstellungen\Christian\Desktop\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Programme\PurgeIE\PurgeIE_Service.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programme\SPYWAREfighter\spfprc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

-- End of file - 11641 bytes
31.05.2007, 11:12 | #2 |
/// AVZ-Toolkit Guru

Hello there.

You are infected with malware and perhaps more besides.

- Have the following files checked at VirusTotal and post the result:
C:\WINDOWS\system32\inethelp.exe
C:\WINDOWS\SYSTEM32\inethelp.dll
C:\Programme\Profiler3D\Scannet 3.9\IPPWatch.exe
Note the link in my signature for searching for files.

- In Control Panel -> Software (Add or Remove Programs), look for DriveCleaner or anything similar and uninstall it.

- Disable System Restore on all drives.

- Fix the following entries with HJT (if still present):
C:\WINDOWS\system32\inethelp.exe
C:\Programme\Gemeinsame Dateien\DriveCleaner 2006 Free\sdrmon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w*w.versatel.de/internet-cd/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SDR6U_Check] "C:\Programme\Gemeinsame Dateien\DriveCleaner 2006 Free\sdrmon.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - h**p://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O20 - Winlogon Notify: inethelp - C:\WINDOWS\SYSTEM32\inethelp.dll
O23 - Service: InstallDriver Table Manager (inethelp) - Unknown owner - C:\WINDOWS\system32\inethelp.exe

- Let CCleaner clean up your system. Run the registry cleanup several times, please.

- Restart your computer and post a new HJT log file together with a fresh description of the problem (or of its absence).

Regards,
Undoreal
01.06.2007, 13:03 | #3 |
Hi, thanks already for the help, it seems to be fixed now... I carried out all your instructions conscientiously!

Here are the results from VirusTotal and, at the very bottom, the current HijackThis log.

Complete scanning result of "inethelp.exe", received in VirusTotal at 06.01.2007, 12:43:50 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
AntiVir 7.4.0.29 06.01.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 05.31.2007 no virus found
AVG 7.5.0.467 06.01.2007 no virus found
BitDefender 7.2 06.01.2007 no virus found
CAT-QuickHeal 9.00 05.31.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 05.31.2007 no virus found
DrWeb 4.33 06.01.2007 no virus found
eSafe 7.0.15.0 05.31.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3682 06.01.2007 no virus found
Ewido 4.0 06.01.2007 no virus found
FileAdvisor 1 06.01.2007 no virus found
Fortinet 2.85.0.0 06.01.2007 suspicious
F-Prot 4.3.2.48 05.31.2007 no virus found
F-Secure 6.70.13030.0 06.01.2007 no virus found
Ikarus T3.1.1.8 06.01.2007 no virus found
Kaspersky 4.0.2.24 06.01.2007 no virus found
McAfee 5043 05.31.2007 no virus found
Microsoft 1.2503 06.01.2007 no virus found
NOD32v2 2303 06.01.2007 no virus found
Norman 5.80.02 06.01.2007 no virus found
Panda 9.0.0.4 06.01.2007 no virus found
Prevx1 V2 06.01.2007 no virus found
Sophos 4.18.0 05.31.2007 no virus found
Sunbelt 2.2.907.0 05.30.2007 Mini Key Log
Symantec 10 06.01.2007 Spyware.MiniKeylogger
TheHacker 6.1.6.128 05.31.2007 no virus found
VBA32 3.12.0 05.31.2007 no virus found
VirusBuster 4.3.23:9 05.31.2007 no virus found
Webwasher-Gateway 6.0.1 06.01.2007 Win32.Malware.gen (suspicious

--------------------------------------------------------------

Complete scanning result of "inethelp.dll", received in VirusTotal at 06.01.2007, 12:47:32 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
AntiVir 7.4.0.29 06.01.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 05.31.2007 no virus found
AVG 7.5.0.467 06.01.2007 no virus found
BitDefender 7.2 06.01.2007 no virus found
CAT-QuickHeal 9.00 05.31.2007 no virus found
ClamAV devel-20070416 05.31.2007 no virus found
DrWeb 4.33 06.01.2007 no virus found
eSafe 7.0.15.0 05.31.2007 no virus found
eTrust-Vet 30.7.3682 06.01.2007 no virus found
Ewido 4.0 06.01.2007 no virus found
FileAdvisor 1 06.01.2007 no virus found
Fortinet 2.85.0.0 06.01.2007 suspicious
F-Prot 4.3.2.48 05.31.2007 no virus found
F-Secure 6.70.13030.0 06.01.2007 no virus found
Ikarus T3.1.1.8 06.01.2007 no virus found
Kaspersky 4.0.2.24 06.01.2007 no virus found
McAfee 5043 05.31.2007 no virus found
Microsoft 1.2503 06.01.2007 no virus found
NOD32v2 2303 06.01.2007 no virus found
Norman 5.80.02 06.01.2007 no virus found
Panda 9.0.0.4 06.01.2007 no virus found
Prevx1 V2 06.01.2007 no virus found
Sophos 4.18.0 05.31.2007 no virus found
Sunbelt 2.2.907.0 05.30.2007 no virus found
Symantec 10 06.01.2007 Spyware.MiniKeylogger
TheHacker 6.1.6.128 05.31.2007 no virus found
VBA32 3.12.0 05.31.2007 no virus found
VirusBuster 4.3.23:9 05.31.2007 no virus found
Webwasher-Gateway 6.0.1 06.01.2007 Virus.Win32.FileInfector.gen!88 (suspicious)

------------------------------------------------------

Complete scanning result of "IPPWatch.exe", received in VirusTotal at 06.01.2007, 12:53:17 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
AntiVir 7.4.0.29 06.01.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 05.31.2007 no virus found
AVG 7.5.0.467 06.01.2007 no virus found
BitDefender 7.2 06.01.2007 no virus found
CAT-QuickHeal 9.00 05.31.2007 no virus found
ClamAV devel-20070416 05.31.2007 no virus found
DrWeb 4.33 06.01.2007 no virus found
eSafe 7.0.15.0 05.31.2007 no virus found
eTrust-Vet 30.7.3682 06.01.2007 no virus found
Ewido 4.0 06.01.2007 no virus found
FileAdvisor 1 06.01.2007 no virus found
Fortinet 2.85.0.0 06.01.2007 no virus found
F-Prot 4.3.2.48 05.31.2007 no virus found
F-Secure 6.70.13030.0 06.01.2007 no virus found
Ikarus T3.1.1.8 06.01.2007 no virus found
Kaspersky 4.0.2.24 06.01.2007 no virus found
McAfee 5043 05.31.2007 no virus found
Microsoft 1.2503 06.01.2007 no virus found
NOD32v2 2303 06.01.2007 no virus found
Norman 5.80.02 06.01.2007 no virus found
Panda 9.0.0.4 06.01.2007 no virus found
Prevx1 V2 06.01.2007 no virus found
Sophos 4.18.0 05.31.2007 no virus found
Sunbelt 2.2.907.0 05.30.2007 no virus found
Symantec 10 06.01.2007 no virus found
TheHacker 6.1.6.128 05.31.2007 no virus found
VBA32 3.12.0 05.31.2007 no virus found
VirusBuster 4.3.23:9 05.31.2007 no virus found
Webwasher-Gateway 6.0.1 06.01.2007 no virus found

---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

[edit] In future, please edit your links as shown, among other places, here: http://www.trojaner-board.de/22771-a...tml#post171958 Thanks, GUA [/edit]
05.06.2007, 09:20 | #4 |
/// AVZ-Toolkit Guru

Hello there.

That's looking pretty good already! :aplaus:

I'm just not sure yet about inethelp.

Please create an iClean report: run the program in its own folder -> "Yes" -> File -> Report -> copy the contents.

And let Spybot and AdAware chew through your computer.

Regards,
Undoreal

- All help given in the forum is provided without warranty or liability -
09.01.2010, 21:53 | #5 |
Hello... I have the same problem, maybe someone could help me too??

HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:46, on 09.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
F:\Programme\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262888061359
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate1ca3e1f583c8530) (gupdate1ca3e1f583c8530) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

-- End of file - 5105 bytes

I hope someone can help me, many thanks!!!!!!!!!!!