Ammanati | 19.08.2008 16:18 | Warning! Spyware detected on Computer. Who can help??
Apparently I'm not the first one with this message on the desktop background:
" Warning!
Sypware detected on your computer!
Intall an antivirus or spyware remover to
clean your computer. "
In addition, when the machine is idle (after approx. 10 min.), a bluescreen appears with varying messages:
Page_fault_in_nonpage_area
bogus_driver
unexpected_kernel_mode_trap
The desktop background can no longer be changed!!!
I have Windows XP (SP 3) and have already deleted all the viruses found, using various antivirus programs.
Thank you very much for your help.
Attached is the HiJackThis logfile: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:56, on 19.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programme\CA\SharedComponents\iTechnology\igateway.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programme\CA\eTrustITM\InoRpc.exe
C:\Programme\CA\eTrustITM\InoRT.exe
C:\Programme\CA\eTrustITM\InoTask.exe
C:\Programme\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programme\softOSD\softosd.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\lphc70jj0ej2t.exe
C:\Programme\CA\eTrustITM\realmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\softOSD\softOSM.exe
C:\Programme\Lotus\Notes\NLNOTES.EXE
C:\WINDOWS\system32\softLCP.exe
C:\Programme\Lotus\Notes\ntaskldr.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Microsoft Office\OFFICE11\MSACCESS.EXE
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Programme\IBM\Client Access\Emulator\PCSCM.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\maa.SIHELCO\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.cash.ch/boerse/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://go.compaq.com/1Q00CDT/0407/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sihelco
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = h**p=Proxy:8080;ftp=Proxy:8080;gopher=Proxy:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programme\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programme\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programme\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programme\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IsabelUpgrade] C:\PROGRA~1\Isabel\BIN\ARBOOT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphc70jj0ej2t] C:\WINDOWS\system32\lphc70jj0ej2t.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Programme\CA\eTrustITM\realmon.exe" -s
O4 - HKCU\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AplStrCom] C:\WINDOWS\system32\gnylivsz.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OnScreen Manager.lnk = C:\Programme\softOSD\softOSM.exe
O4 - Startup: Verknüpfung mit notes.lnk = C:\Programme\Lotus\Notes\notes.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MSOffice\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {207D2A66-5DC0-478F-BA7E-A492146D7750} (CardActivator Control) - h**ps://business.isabel.be/CardActivator/CAB-APP/CardActivator.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210691277455
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sihelco.amorg.group
O17 - HKLM\Software\..\Telephony: DomainName = sihelco.amorg.group
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sihelco.amorg.group
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sihelco.amorg.group
O21 - SSODL: ProcSysMon - {147E56B1-B44F-65D6-2F0B-0565C3ACECA9} - C:\Programme\urosnkb\ProcSysMon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Programme\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrustITM\InoTask.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Programme\lotus\notes\ntmulti.exe
O23 - Service: softOSD - EnTech Taiwan - C:\Programme\softOSD\softosd.exe
--
End of file - 7409 bytes