Trojaner-Board - Please check HijackThis! log

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Please check HijackThis! log (https://www.trojaner-board.de/14839-please-check-hijackthis-log.html)

Please check HijackThis! log

Logfile of HijackThis v1.98.2
Scan saved at 17:48:00, on 03.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Winamp\Winampa.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Eva Bachofner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.hispeed.ch:8080;http=proxy.hispeed.ch:8080
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\pbuookd.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\zrnip.exe
O4 - HKLM\..\Run: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\Run: [ccApp.exe] ccApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunServices: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\RunServices: [ccApp.exe] ccApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccApp.exe] ccApp.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cam01.neuemedienag.ch/activex/AxisCamControl.ocx

Hi,

eine 'kleine' Problemschilderung wäre vielleicht nicht schlecht gewesen!?!
Aber dort sind einige 'dubiose' Einträge im Log.
Mach mal einen Scan mit eScan (siehe Signatur - Anleitung genau beachten!) und poste anschließend, was gefunden wurde.
Öffne dazu die mwav.log -> Bearbeiten -> Suchen -> infected oder tagged eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen.

BTW: Beim nächsten Scan bitte die aktuelle Version von HijackThis verwenden!

Infected:

File C:\PROGRA~2\Altnet\DOWNLO~1\asmps.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File c:\PROGRA~1\GEMEIN~1\cmeii\GCONTR~1.DLL infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\GIOCLC~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File c:\PROGRA~1\GEMEIN~1\cmeii\GSTORE~1.DLL infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File c:\PROGRA~1\GEMEIN~1\cmeii\gdwldeng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File c:\PROGRA~1\GEMEIN~1\cmeii\gmtproxy.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File c:\PROGRA~1\GEMEIN~1\cmeii\gappmgr.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\GMT\GMT.exe infected by "not-a-virus:AdWare.Gator.4203" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\GMT\EGNSEN~1.DLL infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\GMT\EGIEPR~1.DLL infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\GMT\EGGCEN~1.DLL infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\EVABAC~1\LOKALE~1\Temp\asmfiles.cab infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Eva Bachofner\Desktop\backups\backup-20040816-231514-837.dll infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Eva Bachofner\Desktop\backups\backup-20040816-231514-885.dll infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Eva Bachofner\Lokale Einstellungen\Temp\asmfiles.cab infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\adm.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\adm25.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\admdata.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\admdloader.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\admfdi.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\altnetuninstall.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\asmps.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Points Manager\sysdetect.dll infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken.
Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Scanning File C:\Programme\AVPersonal\INFECTED\GTRAWBM.FIL.002
Result: ERROR!!! File C:\Programme\AVPersonal\INFECTED\GTRAWBM.FIL.002: Scanning Failure!!!
C:\Programme\AVPersonal\INFECTED\GTRAWBM.FIL.002 possibly infected and removed by background antivirus package!
File C:\Programme\AVPersonal\INFECTED\GTRAWBM.FIL.002 infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
Scanning File C:\Programme\AVPersonal\INFECTED\GTRAWBM.FIL.VIR

[Noch mehr mit dem Ordnernamen...]

File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe infected by "not-a-virus:AdWare.Gator.4203" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\Programme\Kazaa\TopSearch.dll infected by "not-a-virus:AdWare.Altnet.e" Virus. Action Taken: No Action Taken.
File C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken.
File C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{E0C88026-EAEA-41EF-A70A-46F19289662E}\RP83\A0022486.dll infected by "not-a-virus:AdWare.Altnet.c" Virus. Action Taken: No Action Taken.
C:\WINDOWS\browserxtras\pn\remove.exe possibly infected and removed by background antivirus package!
File C:\WINDOWS\browserxtras\pn\remove.exe infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Adware\Setup_PerfectNav.exe infected by "Trojan-Downloader.Win32.Small.alx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm25.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admdata.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admdloader.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admfdi.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\dmfiles.cab infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\mysearch.cab infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\pmfiles.cab infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.

Bitte hilf mir

bei so vielen funden rate ich system neu aufsetzen

oder

lade dir spybot - search and destroy
update es und lass es durchlaufen

immunisiere dein pc dann mit spybot

lass escan drüber laufen und post hier die funde

@Soundgarden
systemwiederherstellung deaktivieren, neu booten, systemwiederherstellung aktivieren.
mit clearprog download
deine temps löschen, alle häkchen bei IE und windows setzen, löschen

danach in den abgesicherten modus wechslen und manuell löschen
C:\PROGRA~2\Altnet\DOWNLO~1\asmps.dll
C:\PROGRA~1\GEMEIN~1\CMEII
C:\PROGRA~1\GEMEIN~1\GMT
C:\Dokumente und Einstellungen\Eva Bachofner\Desktop\backups\backup-20040816-231514-837.dll
C:\Dokumente und Einstellungen\Eva Bachofner\Desktop\backups\backup-20040816-231514-885.dll
C:\Dokumente und Einstellungen\Eva Bachofner\Lokale Einstellungen\Temp\asmfiles.cab
C:\Program Files\Altnet\Download Manager\adm.exe
C:\Program Files\Altnet\Download Manager\adm25.dll
C:\Program Files\Altnet\Download Manager\adm4.dll
C:\Program Files\Altnet\Download Manager\admdata.dll
C:\Program Files\Altnet\Download Manager\admdloader.dll
C:\Program Files\Altnet\Download Manager\admfdi.dll
C:\Program Files\Altnet\Download Manager\admprog.dll
C:\Program Files\Altnet\Download Manager\altnetuninstall.exe
C:\Program Files\Altnet\Download Manager\asmps.dll
C:\Program Files\Altnet\Points Manager\sysdetect.dll
C:\Programme\Kazaa
C:\Programme\MyWay
neu booten, neues HJT lofgile erstellen

chaosman

@Chaosman:

Alles gemacht, das HJT Log sieht nun so aus:

Logfile of HijackThis v1.99.1
Scan saved at 19:53:47, on 04.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Winamp\Winampa.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOKUME~1\EVABAC~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.hispeed.ch:8080;http=proxy.hispeed.ch:8080
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cam01.neuemedienag.ch/activex/AxisCamControl.ocx
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe

Im Nachhinein habe ich noch SpyBot drüberlaufen lassen und der hat diese Probleme gefunden und behoben:

- Altnet (23 entries)
- Cydoor (1 entry)
- eUniverse.updMgr (3 entries)
- GAIN.Dashbar (1 entry)
- GAIN.Gator (4 entries)
- KeenValue.PerfectNav (4 entries)
- MyWay.MyBar (3 entries)

@Soundgarden

Zitat:

Das hat aber auch Spybot ignoriert:

Zitat:

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

Alles kommt mit Kazaa MD zusammen. Schmeiße es weg! Ohne AdWare ist das Zeug sowieso nicht funktionsfähig. Kazaa Lite ist eine Alternative.