Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/Agent.1328655 (https://www.trojaner-board.de/51251-tr-agent-1328655-a.html)

Maradona 01.04.2008 18:23
TR/Agent.1328655
 
Hallo zusammen,

ich bin neu hier, daher hoffe ich, dass ich alles richtig poste. Also, ich habe folgendes Problem:

Vor ein paar Tagen hat der Antivir Guard einen sehr hartnäckigen Trojaner bei mir entdeckt, der immer wieder auftauchte und den ich immer wieder gelöscht habe.
Code:
In der Datei 'C:\WINDOWS\system32\msconfig.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.1328655' [TR/Agent.1328655] gefunden.
Ausgeführte Aktion: Datei löschen

Die Datei 'C:\System Volume Information\_restore{75AAE52F-9F73-44D9-BD6B-C1E8B271F298}\RP502\A0073122.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.1328655' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.
Zusätzlich habe ich mit HijackThis 2 Einträge der msconfig.exe gefunden, beide habe ich mit ht gefixt. Eines von beiden (Dateien löschen bzw. mit ht fixen) war wohl ein Fehler, denn seitdem bekomme ich bei jedem Booten ein Popup „System Configuration Utility“. Dort kann ich dann jede Menge Startup-Einstellungen vornehmen, was ich nicht tue, ich klicke nur auf ok (normal startup ist angehakt). Nach dem Speichern der Einstellungen sagt er mir, dass ich neustarten muss. Leider werden nach dem Neustart die Einstellungen nicht übernommen, sondern das Popup erscheint einfach wieder. Klicke ich hingegen auf „Restart later“ oder „Cancel“, funktionieren meine Browser nicht (weder ie noch ff), d.h. sie zeigen immer nur Seitenladefehler an. Meine Netzwerkverbindung läuft jedoch problemlos, pingen geht, Skype geht… nur die Browser wollen nicht. Meine laienhafte Erklärung wäre, dass Antivir die msconfig.exe jedesmal wieder löscht und so eine Neuerstellung gleich wieder im Keim erstickt. Dadurch können wichtige Dienste nicht gestartet werden. Habe auch mal geschaut (DNS Client läuft, das wäre mein erster Tipp gewesen) und versucht, einige mir wichtig erscheinende Dienste zu starten… leider mit wenig Erfolg. Aber wie gesagt, das ist nur eine Vermutung von jemandem mit sehr wenig Ahnung :D

Bevor ich mich jetzt aber an dieses Problem mache, will ich erstmal sichergehen, dass das Ding auch wirklich von meinem Rechner und dem meiner Freundin (Heimnetzwerk) runter ist. Habe erstmal das Netzwerkkabel von meinem Rechner getrennt und einen Antivir-Durchlauf von einer Boot-CD gemacht, sowie einen Registry-Fix mit ccleaner. Dann wie von euch beschrieben einen Scan mit escan durchgeführt, leider funktionierte die find.bat nicht, könnte an meiner englischen xp-Version liegen. Habe deshalb jetzt nur mal das Virus-Log, das in escan selbst angezeigt wird, kopiert:

Code:
Object "NULLBYTE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "sounddrv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "softomate toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "elite toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "elite toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "softomate toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "softomate toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "sounddrv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "regsort Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\ActivePG.Sdk" refers to invalid object "{F5624AF8-C085-11D4-9492-8702C380F5CE}". Action Taken: No Action Taken.
Entry "HKCR\ActivePG.Sdk.1" refers to invalid object "{F5624AF8-C085-11D4-9492-8702C380F5CE}". Action Taken: No Action Taken.
Entry "HKCR\AlphaMatrix.Alpha" refers to invalid object "{4B1B5116-CB78-42E5-8398-77111C96EADD}". Action Taken: No Action Taken.
Entry "HKCR\Cab.CabIn" refers to invalid object "{D8B4A55C-FA70-4181-B340-B92451E4DA62}". Action Taken: No Action Taken.
Entry "HKCR\Cab.CabIn.1" refers to invalid object "{D8B4A55C-FA70-4181-B340-B92451E4DA62}". Action Taken: No Action Taken.
Entry "HKCR\dzstactxctrl.dzstactxctrl.1" refers to invalid object "{6C5FD78F-9ED8-11D1-87C0-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\dzstactxPPG1.dzstactxPPG1.1" refers to invalid object "{8F70FCA1-A12A-11D1-87C0-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\EN10.ResearchService" refers to invalid object "{F406D071-95BC-42E9-A9D4-6520EAC120EB}". Action Taken: No Action Taken.
Entry "HKCR\Energy_Software_DLL.eneSoftwareLic" refers to invalid object "{9683C443-F7C7-4711-A9BA-F8F84A74C14C}". Action Taken: No Action Taken.
Entry "HKCR\ENResearchService.Actions" refers to invalid object "{6FDB090D-48B5-4544-974C-FDDA146C44E7}". Action Taken: No Action Taken.
Entry "HKCR\ENResearchService.Actions.1" refers to invalid object "{6FDB090D-48B5-4544-974C-FDDA146C44E7}". Action Taken: No Action Taken.
Entry "HKCR\FlashProp.FlashProp.1" refers to invalid object "{1171A62F-05D2-11D1-83FC-00A0C9089C5A}". Action Taken: No Action Taken.
Entry "HKCR\helix.duration" refers to invalid object "{80F6E410-210B-454C-B523-97D7C2541FF3}". Action Taken: No Action Taken.
Entry "HKCR\helix.duration.1" refers to invalid object "{80F6E410-210B-454C-B523-97D7C2541FF3}". Action Taken: No Action Taken.
Entry "HKCR\helix.producer" refers to invalid object "{66F8592D-33E8-11D7-8A24-00045A785B71}". Action Taken: No Action Taken.
Entry "HKCR\helix.producer.1" refers to invalid object "{66F8592D-33E8-11D7-8A24-00045A785B71}". Action Taken: No Action Taken.
Entry "HKCR\HHActiveX.GlossaryPane" refers to invalid object "{959F94FD-DD1E-11D2-B559-00105A0422DF}". Action Taken: No Action Taken.
Entry "HKCR\HHActiveX.GlossaryPane.1" refers to invalid object "{959F94FD-DD1E-11D2-B559-00105A0422DF}". Action Taken: No Action Taken.
Entry "HKCR\HHActiveX.HHComponentActivator" refers to invalid object "{399CB6C4-7312-11D2-B4D9-00105A0422DF}". Action Taken: No Action Taken.
Entry "HKCR\HHActiveX.HHComponentActivator.1" refers to invalid object "{399CB6C4-7312-11D2-B4D9-00105A0422DF}". Action Taken: No Action Taken.
Entry "HKCR\LAUNCH.LaunchCtrl.1" refers to invalid object "{A6616B31-4860-41E2-98E3-CA7649AF172F}". Action Taken: No Action Taken.
Entry "HKCR\LicenceProtector24.lpLicprotector24" refers to invalid object "{31A87D3A-CDB1-403F-9CD6-4DCCF7E036A8}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.ClassBreaksRenderer" refers to invalid object "{755CF0AD-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.DotDensityRenderer" refers to invalid object "{755CF0AF-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Ellipse" refers to invalid object "{755CF0B4-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.GroupRenderer" refers to invalid object "{755CF0BF-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.ImageLayer" refers to invalid object "{045ED51A-6095-11D3-9F67-000000000000}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.LabelPlacer" refers to invalid object "{755CF0C1-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.LabelRenderer" refers to invalid object "{755CF0B1-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.MapLayer" refers to invalid object "{ABC866D9-7C46-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Point" refers to invalid object "{ABC866DF-7C46-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Rectangle" refers to invalid object "{ABC866DB-7C46-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Strings" refers to invalid object "{755CF0A9-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Symbol" refers to invalid object "{755CF0A5-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.TextSymbol" refers to invalid object "{755CF0B6-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.ValueMapRenderer" refers to invalid object "{755CF0A7-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\OrbTVBuffer.MiTVSink" refers to invalid object "{EEB09DE1-1892-43B5-9730-B3FA8361B13A}". Action Taken: No Action Taken.
Entry "HKCR\OrbTVBuffer.MiTVSink.1" refers to invalid object "{EEB09DE1-1892-43B5-9730-B3FA8361B13A}". Action Taken: No Action Taken.
Entry "HKCR\sevCommand3.Command" refers to invalid object "{05CE1055-7D42-4E26-8028-64B275164A9F}". Action Taken: No Action Taken.
Entry "HKCR\sevCommand3.Init" refers to invalid object "{FA2EAF76-E91B-493A-9079-BCCA2921F7E2}". Action Taken: No Action Taken.
Entry "HKCR\sevCommand3.Line3D" refers to invalid object "{0CBE3BB0-B13E-4D5D-A297-8E3BB290993A}". Action Taken: No Action Taken.
Entry "HKCR\sevCommand3.roLabel" refers to invalid object "{5047A010-E5A0-4969-8715-C6C61468FC9A}". Action Taken: No Action Taken.
Entry "HKCR\sevTab.Init" refers to invalid object "{DB5C442D-C8D8-4F6D-915D-1730F4AFC1F3}". Action Taken: No Action Taken.
Entry "HKCR\sevTab.sevTabStrip" refers to invalid object "{83A12419-CB96-4C57-84A9-B039FAA0253B}". Action Taken: No Action Taken.
Entry "HKCR\sevTextBox.Init" refers to invalid object "{22B1F8A4-46AD-4CB3-995B-1CD86A4FE91E}". Action Taken: No Action Taken.
Entry "HKCR\sevTextBox.sevMonthView" refers to invalid object "{FDA12C93-391F-4DA4-8DE1-321F125E6757}". Action Taken: No Action Taken.
Entry "HKCR\sevTextBox.sevText" refers to invalid object "{160A8C90-BF08-427D-9CB2-6AF9F37C3EE5}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.Init" refers to invalid object "{A38AE2A6-517D-48A0-85EB-EB56B80EE59F}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevCheck" refers to invalid object "{019994B8-B38D-4267-AC04-C6A55D482B22}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevFrame" refers to invalid object "{BAC553A4-5DEA-4F95-B272-8554C309B34F}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevImage" refers to invalid object "{057EFFC1-D96C-4179-9666-D47F4EA493F3}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevLabel" refers to invalid object "{A6B025D6-FFB8-41AC-AAA2-405A0922852F}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevMsgBox" refers to invalid object "{8A17BAA3-7DAE-40B6-AFAC-B708DDEF72A4}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevOption" refers to invalid object "{A769CE4F-0246-44D0-BC97-7B9C12C5C153}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevProgressBar" refers to invalid object "{463309E0-B871-492C-82AB-1B5D6A731BD7}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevWaitBar" refers to invalid object "{0B4D8257-FBC9-464D-9F79-6A48A6C895C8}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevXPForm" refers to invalid object "{D8F265E1-F446-408C-BECF-03823BBBEF19}". Action Taken: No Action Taken.
Entry "HKCR\SharePoint.WebPartPage.Document.1.0" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken.
Entry "HKCR\SmartInstantFormatter.CiteAction" refers to invalid object "{6FDB090C-48B5-4544-974C-FDDA146C44E7}". Action Taken: No Action Taken.
Entry "HKCR\SmartInstantFormatter.CiteAction.1" refers to invalid object "{6FDB090C-48B5-4544-974C-FDDA146C44E7}". Action Taken: No Action Taken.
Entry "HKCR\SmartInstantFormatter.CiteRecognizer" refers to invalid object "{15FF99BC-4177-4E86-A751-60A1B0BE6BB1}". Action Taken: No Action Taken.
Entry "HKCR\SmartInstantFormatter.CiteRecognizer.1" refers to invalid object "{15FF99BC-4177-4E86-A751-60A1B0BE6BB1}". Action Taken: No Action Taken.
Entry "HKCR\USBSWITCHAX.USBswitchAXCtrl.1" refers to invalid object "{27C9039A-A892-44C8-AD6A-F946801C4968}". Action Taken: No Action Taken.
Entry "HKCR\ZKrypto.CCrypto" refers to invalid object "{1D43B8FA-6C42-442F-A3C2-7E200CB9BC91}". Action Taken: No Action Taken.
File C:\DOCUME~1\***\LOCALS~1\Temp\NERO14399\Toolbar.exe tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bm". Action Taken: No Action Taken.
File C:\DOCUME~1\***\LOCALS~1\Temp\NERO14754\Toolbar.exe tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bm". Action Taken: No Action Taken.
File C:\Documents and Settings\***\Local Settings\Temp\NERO14399\Toolbar.exe tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bm". Action Taken: No Action Taken.
File C:\Documents and Settings\***\Local Settings\Temp\NERO14754\Toolbar.exe tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bm". Action Taken: No Action Taken.
File C:\Program Files\Brockhaus Multimedia\Brockhaus multimedial\deskbar.dll tagged as "not-a-virus:AdWare.Win32.Mostofate.di". Action Taken: No Action Taken.
Sieht irgendwie nicht so gut aus :headbang:
Einen HijackThis Scan habe ich auch noch mal gemacht:

Maradona 01.04.2008 18:24
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:03, on 01.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\BOINC\boincmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\BOINC\boinc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\NMSAccessU.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://google.daemonsearch.com/de/ý
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = h**p://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DRam prosessor] msconfig.exe
O4 - HKLM\..\RunServices: [DRam prosessor] msconfig.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe

--
End of file - 11773 bytes
Lustigerweise ist die msconfig.exe wieder drin, Antivir hat aber bis jetzt nicht mehr gemeckert. Ich würde mich sehr freuen, wenn mir jemand helfen könnte, ich schreibe grade meine Magisterarbeit und brauche den Rechner dringend… und eigentlich auch das Internet. Aber wie das immer so ist, solche Dinge passieren natürlich nur dann, wenn man es am wenigsten brauchen kann ;)

danke schon mal für eure hilfe…

Maradona 02.04.2008 08:23
kleines update (sry wg. der ganzen doppelposts, aber durch die zeichenbegrenzung muss ich immer wieder neu posten)... habe die ominöse msconfig.exe mal mit killbox "delete on reboot" abgeschossen, seitdem keine "configuration setup utility" popups mehr beim systemstart. allerdings geht das Internet immer noch nicht:

lan-verbindung wird als aktiv und problemfrei angezeigt
ping localhost geht
skype geht
ping router geht nicht

habe mal anti-malware laufen lassen, hier das log:

Code:
Malwarebytes' Anti-Malware 1.09
Datenbank Version: 567

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 231175
Scan Dauer: 35 minute(s), 20 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine Malware Objekte gefunden)

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\Documents and Settings\***\Local Settings\Temp\GLK6F.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
danach neustart und ein neues hjt-log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:59:18, on 02.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\BOINC\boincmgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/de/ý
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe

--
End of file - 11968 bytes
wäre wirklich nett, wenn mir jemand helfen könnte... ich brauch den computer dringend. danke :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:21 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27