bitte nachschauen
 

Hallo

bin neu hier. Eine Freundin (Luuranko im Forum hier) hat mich hier hingewiesen da mein PC angegriffen ist.

Habe leider nicht viel Ahnung von Pcs.


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Programme\AOL 9.0\waol.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\GERTRUDE\Eigene Dateien\hijackthis1982\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar3_28.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar3_28.dll
O3 - Toolbar: Yahoo! Assistent - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\ycomp5_3_18_0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] REM RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] REM nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] REM "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MessengerPlus2] REM "C:\Dokumente und Einstellungen\GERTRUDE\Desktop\MsgPlus.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [mmtask] REM C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [mm_server] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [BeClean Agent] C:\Programme\BeClean\bca.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [mwavscan] "C:\TEMP\mwavscan.com" /s
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm179
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab
O16 - DPF: {D34151C8-0C6C-4A7D-B677-4FCC9552E957} (snConnect Class) - http://www.bcnx.com/SunInfoConnect_w...com_medium.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CCA4A99-39DF-4A5D-B2C6-B501FF380BD9}: NameServer = 205.188.146.146

Escan


Wed Nov 24 16:17:06 2004 => ***** Scanning complete. *****
Wed Nov 24 16:17:06 2004 => Total Number of Files Scanned: 39450
Wed Nov 24 16:17:06 2004 => Total Number of Virus(es) Found: 23
Wed Nov 24 16:17:06 2004 => Total Number of Disinfected Files: 0
Wed Nov 24 16:17:06 2004 => Total Number of Files Renamed: 0
Wed Nov 24 16:17:06 2004 => Total Number of Deleted Files: 2
Wed Nov 24 16:17:07 2004 => Total Number of Errors: 2



File C:\Programme\AOL 8.0\aol90\setup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\runner.exe tagged as not-a-virus:AdWare.BackWeb.a. No Action Taken.
File C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe tagged as not-a-virus:AdWare.BackWeb.a. No Action Taken.
File C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\Programme\MyWebSearch\bar\1.bin\MWSOEPLG.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\371D7B43 infected by "TrojanDownloader.Win32.Ladder.b" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\4A390804 tagged as not-a-virus:PornWare.Dialer.Star. No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\4A3C3201 tagged as not-a-virus:PornWare.Dialer.Generic. No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\599232E9 tagged as not-a-virus:RiskWare.Monitor.Dafunk. No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\59955CE6 tagged as not-a-virus:RiskWare.Monitor.Dafunk. No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6A6520E8 tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\785D3E93 tagged as not-a-virus:PornWare.Dialer.Intexdial. No Action Taken.
File C:\Programme\themexp\Themexp.org File\NNEZTA388.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\Programme\themexp\Themexp.org File\TBEZA127Q.exe tagged as not-a-virus:AdWare.ToolBar.Quick.a. No Action Taken.
File C:\Programme\themexp\Themexp.org File\WUSV-SYNCmInst.exe tagged as not-a-virus:AdWare.SaveNow.v. No Action Taken.
File D:\Downloads\Alte Sicherung\Download\Schaf.exe tagged as not-a-virus:Simulator.Win16.Sheep. No Action Taken.
File D:\Downloads\DivX521XP2K.exe tagged as not-a-virus:AdWare.F1Organizer.n. No Action Taken.
File D:\Downloads\GarnierFruitTree.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Downloads\GFTWater\GFTWater.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Eigene Dateien\6735.exe tagged as not-a-virus:AdWare.Gator.3103. No Action Taken.
File D:\Eigene Dateien\schicksalsblume52\receive\SmileyCentralBetaSetup1.1.1.6.exe infected by "Trojan-Dropper.Win32.Small.nk" Virus. Action Taken: File Deleted.
File D:\GarnierFruitTree.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Hi Nordstern,

vorbildlich, dass du dich schon informiert und vorgearbeitet hast. :)
Schau mal unter Programme nach ob du Mybar/Myway/Quicksearch/Searchbar findest, falls ja, bitte deinstallieren. Da du mit Escan ja einiges entfernt hast, wäre es gut, wenn du noch mal ein aktuelles HJT-Log erstellst und postest, aber bitte komplett mit den Kopfzeilen wegen der Systeminformationen.
Ansonsten scheint es sich bei dir zunächst "nur" um Adware zu handeln, empfohlen sei schon mal:

http://www.mathematik.uni-marburg.de...ompromise.html

Wechsel zu alternativen Browsern und strengeres Konfigurieren aktiver Inhalte ist wichtig.