Explorer secured by EverestLabs
 

Könntet ihr mir helfen... danke vorab

Logfile of HijackThis v1.99.1
Scan saved at 01:56:46, on 29.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
D:\Programme\001_antiVIREN\Avast4\aswUpdSv.exe
D:\Programme\001_antiVIREN\Avast4\ashServ.exe
D:\Programme\03_INTERNET\CallerIP\cip-nt.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe
D:\Programme\06_MultiMedia\VLC\vlc.exe
D:\Programme\001_antiVIREN\Avast4\ashMaiSv.exe
D:\Programme\001_antiVIREN\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\001_AN~1\Avast4\ashDisp.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\Acronis_TrueImage\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
D:\Programme\03_INTERNET\tor_privoxy\TorCP\torcp.exe
D:\Programme\03_INTERNET\tor_privoxy\Tor\tor.exe
D:\Programme\03_INTERNET\tor_privoxy\Privoxy\privoxy.exe
D:\Programme\03_INTERNET\Browser\FIREOX\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
D:\Programme\001_antiVIREN\spydefense\sdc.exe
C:\Programme\Internet Explorer\iexplore.exe
F:\DOWNLOAD\001_ANTIviren\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer secured by EverestLabs
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: run=
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - D:\Programme\03_INTERNET\Visual IP Trace\VisualIPTraceIE.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programme\05_systools\FreshDownload\fdcatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - D:\Programme\03_INTERNET\Visual IP Trace\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\001_AN~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Programme\Acronis_TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "D:\PROGRA~1\GFX\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [RemoveWGA] F:\DOWNLOAD\29_Win_updates\RemoveWGA.exe -startup
O4 - HKCU\..\Run: [TorCP] D:\Programme\03_INTERNET\tor_privoxy\TorCP\torcp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Privoxy.lnk = D:\Programme\03_INTERNET\tor_privoxy\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Programme\03_INTERNET\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Programme\03_INTERNET\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\03_INT~1\MESSEN~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\03_INT~1\MESSEN~1\ICQ\ICQ.exe
O9 - Extra button: Locate - {B6F776D7-C231-11D4-8158-005004ADEFCA} - D:\Programme\03_INTERNET\Visual WhoIs 2004\srstools.dll
O9 - Extra 'Tools' menuitem: Locate Using Visual WhoIs 2004 - {B6F776D7-C231-11D4-8158-005004ADEFCA} - D:\Programme\03_INTERNET\Visual WhoIs 2004\srstools.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Game\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Game\PartyPoker\PartyPoker\RunApp.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4655C94B-B03F-42D3-B962-183C38DB5689}: NameServer = 192.168.178.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programme\001_antiVIREN\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programme\001_antiVIREN\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programme\001_antiVIREN\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programme\001_antiVIREN\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Visualware CallerIP (CallerIP) - Unknown owner - D:\Programme\03_INTERNET\CallerIP\cip-nt.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - E:\XAMPP-server\xampp\filezillaftp\filezillaserver.exe
O23 - Service: GFI LANguard N.S.S. 7.0 Attendant Service - Unknown owner - D:\Programme\05_systools\LANguard Network Security Scanner 7.0\lnssatt.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programme\0001_copytools\NERO7\Nero 7\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - D:\Programme\01_cleanerTools\Registry Defragmentation\RegManServ.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VLC media player - Unknown owner - D:\Programme\06_MultiMedia\VLC\vlc.exe" -I ntservice --ntservice-extraintf http (file missing)
O23 - Service: XWP_Services (XWNTSERV) - Unknown owner - C:\WINDOWS\System32\xwntserv.exe

einfach mal hier nachlesen, dann klappts auch mit der hilfe

http://www.trojaner-board.de/extra/impressum.html#NUB

GUA