Warning! Spyware detected.. Bitte um Mithilfe

memph1s · 27.08.2008, 03:22

Hallo liebe Trojaner-Board Gemeinde...

Mein Freund hat sich einen Virus eingefangen der seinen Pc lahm legt..

Beim Booten selbst treten keine ungewöhnlichkeiten auf, nur sobald man sich nach dem Login angemeldet hat erscheint ein Fenster indem steht :

Windows Warning Message

Warning Spyware detected on your computer..

Die befallenen Files lauten: Win32/Adware-Virtumonde und Win32/PrivacyRemoverM64..

Das Programm Antivirxp08 ist meines erachtens ein Virus, selbst das deinstallieren des Programms scheitert mit einer Nachricht senden an Microsoft fehl..

Installiert ist freeantivir..

Nach 10 Sekunden wird der Pc heruntergefahren und es erscheint ein blue screen... befinde mich dementsprechend im abgesicherten Modus..

Hoffe ihr könnt mir helfen..

Anbei die HijackThis Log :

Logfile of HijackThis v1.99.1
Scan saved at 00:10:26, on 27.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\Besitzer\LOKALE~1\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.sat1.de/index.php?icqpath=icq
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.1und1.de/Herzlich_Willkommen/b1/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (file missing)
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [cFosDNT] C:\Programme\1&1 Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [inrhc7qhj0e32g] C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\.tt1A3.tmp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WISE-FTP Task Planner] "C:\Programme\AceBIT\WISE-FTP 4\wf_tp.exe"
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fvgwgww] "c:\dokumente und einstellungen\besitzer\lokale einstellungen\anwendungsdaten\fvgwgww.exe" fvgwgww
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart16.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: RegisteringCatia.lnk = C:\Programme\Dassault Systemes\B09D20\INSTALL.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - h**p://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - h**p://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programme\AutoCAD 2002 Deu\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcDcToday.ocx
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programme\AutoCAD 2002 Deu\InstBanr.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**ps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcPreview.ocx
O18 - Protocol: bw+0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Vielen Dank im Vorraus

mfg memph1s

Chris4You · 27.08.2008, 06:42

Hi,

bitte in den abgesicherten Modus:

Bitte folgende Files prüfen:

Zitat:

c:\dokumente und einstellungen\besitzer\lokale einstellungen\anwendungsdaten\fvgwgww.exe

http://www.virustotal.com/flash/index_en.html
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen
Poste das Ergebniss, wobei Du gleich weiter machen kannst...

Also:
Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:

2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")

Code:

ATTFilter

Files to delete:
c:\dokumente und einstellungen\besitzer\lokale einstellungen\anwendungsdaten\fvgwgww.exe

3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!

Code:

ATTFilter

O4 - HKCU\..\Run: [fvgwgww] "c:\dokumente und einstellungen\besitzer\lokale einstellungen\anwendungsdaten\fvgwgww.exe" fvgwgww
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)

Danach bitte MAM installieren & updaten, Combofix downloaden, Beschreibung ausdrucken.
Erneut offline gehen und beides ausführen und Logs mit neuem HJ-Log posten:

Malwarebytes Antimalware (MAM).
Anleitung hier: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
Nutze aber bitte diesen Downloadlink http://filepony.de/download-malwarebytes_anti_malware/.

Combofix
Lade ComboFix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen.
Weitere Anleitung unter:http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird

Chris

memph1s · 27.08.2008, 18:08

Erstmal danke für deine Anleitung...

Die Datei konnte er auf der Seite nicht überprüfen lassen, also sind wir zum nächsten Schritt weiter...

Hier in der Reihenfolge also die Logs :

Avenger

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Aug 27 16:21:51 2008

16:21:51: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Aug 27 16:22:03 2008

16:22:03: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Aug 27 16:22:08 2008

16:22:08: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Aug 27 16:22:22 2008

16:22:22: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Aug 27 16:22:26 2008

16:22:26: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Aug 27 16:22:44 2008

16:22:44: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Aug 27 16:23:31 2008

16:23:31: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "tdssserv" found!
ImagePath: \systemroot\system32\drivers\tdssserv.sys
Start Type: 1 (System)

Rootkit scan completed.

File "c:\dokumente und einstellungen\besitzer\lokale einstellungen\anwendungsdaten\fvgwgww.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

memph1s · 27.08.2008, 18:10

MAM:

Malwarebytes' Anti-Malware 1.25
Datenbank Version: 1088
Windows 5.1.2600 Service Pack 2

18:19:09 27.08.2008
mbam-log-08-27-2008 (18-19-09).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 159789
Laufzeit: 44 minute(s), 27 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 10
Infizierte Registrierungswerte: 9
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 13
Infizierte Dateien: 15

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc7qhj0e32g (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc7qhj0e32g (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Programme\Video Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\rhc7qhj0e32g (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\rhc7qhj0e32g\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\rhc7qhj0e32g\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\rhc7qhj0e32g\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\rhc7qhj0e32g\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\rhc7qhj0e32g\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\rhc7qhj0e32g\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\rhc7qhj0e32g\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\rhc7qhj0e32g\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\rhc7qhj0e32g\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\rhc7qhj0e32g\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\blphc3qhj0e32g.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rkvdr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Outerinfo\outerinfo.ico (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Programme\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\cleanup.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\lphc3qhj0e32g.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Favoriten\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

memph1s · 27.08.2008, 18:11

COMBOFIX :

ComboFix 08-08-26.03 - Besitzer 2008-08-27 18:34:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.238 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Besitzer\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\macromedia\Flash Player\#SharedObjects\66B4D8M3\bin.clearspring.com
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\macromedia\Flash Player\#SharedObjects\66B4D8M3\bin.clearspring.com\clearspring.sol
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\macromedia\Flash Player\#SharedObjects\66B4D8M3\www.broadcaster.com
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Dokumente und Einstellungen\Besitzer\Cookies\besitzer@asn.advolution[1].txt
C:\Dokumente und Einstellungen\Besitzer\Cookies\besitzer@komtrack[2].txt
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\CROSOF~1.NET
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\CROSOF~1.NET\??crosoft.NET\
C:\Dokumente und Einstellungen\Besitzer\Favoriten\Videos.url
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\fvgwgww.dat
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\fvgwgww_nav.dat
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\fvgwgww_navps.dat
C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Outerinfo
C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Outerinfo\Terms.lnk
C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Outerinfo\Uninstall.lnk
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\ymbols~1

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_tdssserv

((((((((((((((((((((((( Dateien erstellt von 2008-07-27 bis 2008-08-27 ))))))))))))))))))))))))))))))
.

2008-08-27 16:36 . 2008-08-27 16:36 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-08-27 16:36 . 2008-08-27 16:36 <DIR> d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes
2008-08-27 16:36 . 2008-08-27 16:36 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-08-27 16:36 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-27 16:36 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-27 16:23 . 2008-08-27 16:23 135,168 --a------ C:\zip.exe
2008-08-27 16:23 . 2008-08-27 16:23 19,286 --a------ C:\cleanup.exe
2008-08-27 03:35 . 2008-08-27 14:11 <DIR> d-------- C:\Programme\Enigma Software Group
2008-07-29 16:13 . 2008-07-29 16:13 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 16:29 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-08-27 01:32 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\foobar2000
2008-08-09 18:47 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\HLSW
2008-08-04 14:59 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\teamspeak2
2008-07-31 01:32 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\dvdcss
2008-07-31 01:04 --------- d-----w C:\Programme\Macromedia
2008-07-31 01:04 --------- d-----w C:\Programme\Gemeinsame Dateien\Macromedia
2008-07-29 16:48 --------- d-----w C:\Programme\PowerStrip
2008-07-29 14:13 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-29 14:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-29 14:13 22,328 ----a-w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PnkBstrK.sys
2008-07-29 14:13 2,246,144 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-07-29 14:13 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-21 20:03 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\uTorrent
2008-07-20 23:09 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype
2008-07-20 18:03 --------- d-s---w C:\Programme\HLSW
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-15 11:05 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ
2008-07-09 23:50 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Nokia Multimedia Player
2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 07:46 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-07-07 07:46 --------- d-----w C:\Programme\ICQ6
2008-07-07 07:45 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
2008-07-07 07:43 --------- d-----w C:\Programme\ICQLite
2008-06-24 16:22 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 665,088 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-06-25 18:29 92,064 ----a-w C:\Dokumente und Einstellungen\Besitzer\mqdmmdm.sys
2007-06-25 18:29 9,232 ----a-w C:\Dokumente und Einstellungen\Besitzer\mqdmmdfl.sys
2007-06-25 18:29 79,328 ----a-w C:\Dokumente und Einstellungen\Besitzer\mqdmserd.sys
2007-06-25 18:29 66,656 ----a-w C:\Dokumente und Einstellungen\Besitzer\mqdmbus.sys
2007-06-25 18:29 6,208 ----a-w C:\Dokumente und Einstellungen\Besitzer\mqdmcmnt.sys
2007-06-25 18:29 5,936 ----a-w C:\Dokumente und Einstellungen\Besitzer\mqdmwhnt.sys
2007-06-25 18:29 4,048 ----a-w C:\Dokumente und Einstellungen\Besitzer\mqdmcr.sys
2007-06-25 18:29 25,600 ----a-w C:\Dokumente und Einstellungen\Besitzer\usbsermptxp.sys
2007-06-25 18:29 22,768 ----a-w C:\Dokumente und Einstellungen\Besitzer\usbsermpt.sys
2007-05-03 16:08 89,912 ----a-w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-05-06 16:42 7,260,160 ----a-w C:\Programme\mozilla firefox\plugins\libvlc.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04 1415824]
"LDM"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-22 19:24 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VOBRegCheck"="C:\WINDOWS\System32\VOBREGCheck.exe" [2003-01-08 15:55 153088]
"Microsoft Works Update Detection"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 19:43 28672]
"cFosDNT"="C:\Programme\1&1 Programme\cFos\cFosDNT.exe" [2003-01-22 13:08 290871]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ISUSPM"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2006-03-20 18:34 213936]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 13:56 266497]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 13:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2003-01-20 11:48 47104 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Kodak EasyShare Software.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Kodak EasyShare Software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare Software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Besitzer^Startmenü^Programme^Autostart^TomTom HOME.lnk]
path=C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\TomTom HOME.lnk
backup=C:\WINDOWS\pss\TomTom HOME.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
--a------ 2006-04-20 16:47 323584 C:\Programme\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Programme\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-11-24 18:16 20058152 C:\Programme\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Dassault Systemes\\B09D20\\intel_a\\code\\bin\\orbixd.exe"=
"C:\\Programme\\Dassault Systemes\\B09D20\\intel_a\\code\\bin\\CNEXT.exe"=
"C:\\Programme\\SopCast\\SopCast.exe"=
"C:\\Dokumente und Einstellungen\\Besitzer\\Anwendungsdaten\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"C:\\Dokumente und Einstellungen\\Besitzer\\Eigene Dateien\\ICQ Lite\\485043919\\ben2k_227989841\\wc3 1.17\\Warcraft III.exe"=
"C:\\Dokumente und Einstellungen\\Besitzer\\Desktop\\Call of Duty 2 an Redfuchs\\CoD2MP_s_or.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programme\\HLSW\\hlsw.exe"=
"C:\\Dokumente und Einstellungen\\Besitzer\\Eigene Dateien\\ICQ Lite\\485043919\\ben2k_227989841\\installer-13387-32de-Nero-ShowTime-Deutsch.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2002-10-10 15:31]
R2 cFosNT;cFosNT;C:\WINDOWS\system32\Drivers\cFosNT.sys [2003-01-22 13:08]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 03:37]
R2 vcs;vcs;D:\AV VCS 3.0 Gold\vcs.sys [2003-04-30 13:24]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-11-04 16:29]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-11-04 16:32]
S0 ooxzprl;ooxzprl;C:\WINDOWS\system32\drivers\vmweneup.sys []
S0 xhubylyc;xhubylyc;C:\WINDOWS\system32\drivers\ntuqcuf.sys []
S2 ICQ Service;ICQ Service;C:\Programme\ICQ6Toolbar\ICQ Service.exe []
S3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-04-06 02:00]
S3 naecd;naecd;C:\DOKUME~1\Besitzer\LOKALE~1\Temp\naecd.sys []
S3 TNPacket;T-Systems Nova Packet Capture Driver;C:\Programme\T-DSL SpeedManager\TNPACKET.SYS [2002-10-09 13:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fa9dac2-bf69-11db-8a3f-0010dcebbea3}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62ba8b40-a4e9-11dc-8c7c-0010dcebbea3}]
\Shell\AutoRun\command - L:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8675b842-c5ad-11db-8a55-0010dcebbea3}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
Inhalt des "geplante Tasks" Ordners

2008-08-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programme\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
.
- - - - Entfernte verwaiste Registrierungseintr„ge - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-WISE-FTP Task Planner - C:\Programme\AceBIT\WISE-FTP 4\wf_tp.exe
HKLM-Run-QuickTime Task - C:\Programme\QuickTime\qttask.exe
HKLM-Run-iTunesHelper - C:\Programme\iTunes\iTunesHelper.exe
MSConfigStartUp-DAEMON Tools-1033 - C:\Programme\D-Tools\daemon.exe
MSConfigStartUp-EA Core - C:\Programme\Electronic Arts\EA Link\Core.exe
MSConfigStartUp-ICQ Lite - C:\Programme\ICQLite\ICQLite.exe
MSConfigStartUp-iTunesHelper - C:\Programme\iTunes\iTunesHelper.exe
MSConfigStartUp-MsnMsgr - C:\Programme\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-NeroFilterCheck - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
MSConfigStartUp-PCMService - C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe

.
------- Zus„tzlicher Scan -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\k1lem30x.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.de/
FF -: plugin - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software\QuakeLive\npquakezero.dll
FF -: plugin - C:\Programme\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programme\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Programme\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Programme\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 18:44:16
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere, laufende Prozesse ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-08-27 18:55:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-08-27 16:55:23

Pre-Run: 16 Verzeichnis(se), 23,470,350,336 Bytes frei
Post-Run: 20 Verzeichnis(se), 27,666,059,264 Bytes frei

230 --- E O F --- 2008-08-17 22:09:27

memph1s · 27.08.2008, 18:12

Und zuletzt noch die HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 19:01:37, on 27.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\1&1 Programme\cFos\cFosDNT.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\DOKUME~1\Besitzer\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1und1.de/Herzlich_Willkommen/b1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (file missing)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [cFosDNT] C:\Programme\1&1 Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart16.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: RegisteringCatia.lnk = C:\Programme\Dassault Systemes\B09D20\INSTALL.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programme\AutoCAD 2002 Deu\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcDcToday.ocx
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programme\AutoCAD 2002 Deu\InstBanr.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcPreview.ocx
O18 - Protocol: bw+0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {10C3AA90-7819-48BB-BA38-D25E3354F34C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

memph1s · 27.08.2008, 18:13

Soweit scheint alles wieder zu funktionieren, vielen dank dafür

Solltest du dennoch etwas finden, bitte ich um Rückantwort..

mfg memph1s \o/

Chris4You · 27.08.2008, 21:46

Hi,

bitte folgende Treiber online prüfen lassen und Ergebnis posten:
C:\WINDOWS\system32\drivers\vmweneup.sys
C:\WINDOWS\system32\drivers\ntuqcuf.sys
C:\DOKUME~1\Besitzer\LOKALE~1\Temp\naecd.sys
Ich kann diese Teile nicht zuordnen (ein Treiber in einem Tempverzeichnis???)...

HJ sieht gut aus...

chris

Warning! Spyware detected.. Bitte um Mithilfe

Log-Analyse und Auswertung: Warning! Spyware detected.. Bitte um Mithilfe