
Virus !?

Started by mad_eye, 10 July 2006, 15:10:58


mad_eye

Hello,
for 2 days I've had the problem that down in the taskbar, next to the clock, I'm shown a message saying I have spyware on my PC. At first it was only one message; by now there are already two that pop up regularly and tell me how infected my computer supposedly is. In addition, I keep getting pop-ups for some dubious sites. Today it even got to the point that my Internet connection was interrupted by the virus. I have already had to fight "Spysherif" twice, and the virus now seems similar to me. However, I don't know what else to do; I've already tried Ad-Aware and AntiVir... I do find files, but when I delete them nothing changes, and after a restart there are new files again.

It would be nice if someone could check this over!

Thanks in advance!

gandal

-> http://www.hwe-forum.de/index.php/topic,14266.0.html

See the answer there.
Please post a HijackThis log.
         
Real Programmers code in binary

mad_eye

Logfile of HijackThis v1.99.1
Scan saved at 15:18:00, on 10.07.2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atmclk.exe
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Verschiedenes\iTunes\iTunesHelper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Verschiedenes\DAEMON Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\{20AD92C3-07DA-1031-0311-051027040031}\Update.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\AOpen\AOpen Silent Fan\openfan.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\MSI\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Steffen Teborg\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programme\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [ICQ Lite] C:\Internet\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Verschiedenes\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Verschiedenes\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] "C:\Programme\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE"
O4 - HKCU\..\Run: [explorer] C:\WINDOWS\system32\audit.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpyBrowser] C:\Programme\SpyBro\SpyBro.exe /autostart
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Internet\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOpen Silent-Fan AP.lnk = C:\Programme\AOpen\AOpen Silent Fan\openfan.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - E:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Programme\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: bw+0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs:  C:\WINDOWS\System32\regedit.dll
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\System32\zlara.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

gandal

10 July 2006, 15:46:07 #3 Last edit: 10 July 2006, 15:56:19 by gandal
IE update

Fix in safe mode. Turn off System Restore.

C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\dcomcfg.exe
F2 - REG:system.ini: Shell=
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programme\ToolBar888\MyToolBar.dll
O4 - HKCU\..\Run: [SpyBrowser] C:\Programme\SpyBro\SpyBro.exe /autostart
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18: fix ALL
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\System32\zlara.dll
         I don't know this one; if unknown, fix it

And also note Tyco's hint in the other post -> deletion of "Sheriff"
         

mad_eye

I just fixed everything and deleted the corresponding system32 entries!

By the looks of it, everything seems to be in perfect order again!

Many thanks!  :-*     ::)

gandal

It doesn't hurt to also run a scan with Spybot, Ad-Aware and the like.
         

jonas_wagener

Hello everyone, I have pretty much the same problem... pop-ups without end, and AntiVir and Ad-Aware are powerless... I've also tried safe mode etc. etc. I'll now post my HijackThis log too and hope that you'll take a look at my case. Many thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 01:56:33, on 15.07.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\NetPumper\NetPumperIEProxy.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
D:\games\hl2\steam.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Common Files\VCClient\VCMain.exe
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programme\Mousometer\mousometer.exe
D:\Programme\DTV\DVB-T USB 2.0\RC.exe
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programme\Nero\Nero 7\Nero WaveEditor\waveedit.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Dokumente und Einstellungen\jonas\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {6360A869-35D6-527D-5A02-92AB68D59742} - C:\DOKUME~1\jonas\ANWEND~1\MEDIAP~1\BYTE MEET.exe (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd11.exe
O4 - HKLM\..\Run: [winsysban] C:\\winsysban12.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Programme\Network\ipnetwork.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames12.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Rule store dvd bin] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Okay bore rule store\Poke two.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [Steam] "d:\games\hl2\steam.exe" -silent
O4 - HKCU\..\Run: [jumpbarb] C:\DOKUME~1\jonas\ANWEND~1\NOUNME~1\Ace Mfcd.exe
O4 - HKCU\..\Run: [CU1] C:\Programme\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Programme\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Mousometer.lnk = C:\Programme\Mousometer\mousometer.exe
O4 - Startup: RC.exe.lnk = D:\Programme\DTV\DVB-T USB 2.0\RC.exe
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E400FD40-56FD-4C05-BF59-FFDB4DFDA88A}: NameServer = 192.168.1.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\ehent.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\aasnt.dll (file missing)
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\skmpapi.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe





tyco

IE = update

That is quite a lot. Fix the following in safe mode and then post a new HijackThis log:

C:\Programme\Common Files\VCClient\VCMain.exe

C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe

O2 - BHO: (no name) - {6360A869-35D6-527D-5A02-92AB68D59742} - C:\DOKUME~1\jonas\ANWEND~1\MEDIAP~1\BYTE MEET.exe (file missing)

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd11.exe

O4 - HKLM\..\Run: [winsysban] C:\\winsysban12.exe

O4 - HKLM\..\Run: [IpNetwork] C:\Programme\Network\ipnetwork.exe

O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames12.exe

O4 - HKLM\..\Run: [Rule store dvd bin] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Okay bore rule store\Poke two.exe

O4 - HKCU\..\Run: [jumpbarb] C:\DOKUME~1\jonas\ANWEND~1\NOUNME~1\Ace Mfcd.exe

O4 - HKCU\..\Run: [CU1] C:\Programme\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Programme\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"

O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\ehent.dll (file missing)

O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\aasnt.dll (file missing)

O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\skmpapi.dll (file missing)

O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe

Please do not send support requests by PM.
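
Added example, not part of the original thread and not HijackThis's own code: a small Python parser for the log format posted above that counts entries per section, groups O18 protocol handlers by the DLL they point to, and lists entries marked "(file missing)" or "Unknown owner". The function names are hypothetical and the sample is an excerpt of lines from the two logs in this thread; the output is a reading aid, not a verdict on any entry.

```python
import re
from collections import Counter, defaultdict

# Excerpt of lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

F2 - REG:system.ini: Shell=
O4 - HKCU\..\Run: [SpyBrowser] C:\Programme\SpyBro\SpyBro.exe /autostart
O18 - Protocol: bw+0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A7292C8D-312C-44FF-8600-A14F6ABEB42A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\ehent.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([FNOR]\d{1,2}) - (.+)$")
# O18 body: "Protocol: <name> - {CLSID} - <path to handler DLL>"
PROTOCOL_RE = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return (section, body) per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def clean_path(text):
    """Drop a trailing '(file missing)' marker and surrounding quotes from a path."""
    if text.endswith(MISSING):
        text = text[: -len(MISSING)]
    return text.strip().strip('"')


def triage(entries):
    """Summarise a parsed log so that large or odd groups stand out for review."""
    report = {
        "per_section": Counter(section for section, _ in entries),
        "protocols_by_dll": defaultdict(list),  # DLL path -> protocol names
        "file_missing": [],                     # entries whose target is gone
        "unknown_owner": [],                    # O23 services without a vendor
    }
    for section, body in entries:
        if body.endswith(MISSING):
            report["file_missing"].append((section, body))
        if section == "O23" and " - Unknown owner - " in body:
            report["unknown_owner"].append(body)
        if section == "O18":
            match = PROTOCOL_RE.match(body)
            if match:
                dll = clean_path(match.group(3)).lower()
                report["protocols_by_dll"][dll].append(match.group(1))
    return report


def format_report(report):
    """Render the triage result as plain text for a human reviewer."""
    lines = [f"{sec}: {n} entries" for sec, n in sorted(report["per_section"].items())]
    for dll, names in report["protocols_by_dll"].items():
        lines.append(f"O18 handler {dll}: {len(names)} protocol(s)")
    for section, body in report["file_missing"]:
        lines.append(f"file missing: {section} - {body}")
    for body in report["unknown_owner"]:
        lines.append(f"unknown owner: O23 - {body}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage(parse_entries(SAMPLE_LOG))))
```

Run over the full first log, the grouping shows that nearly all O18 lines point to the same BWPlugProtocol DLL, which is easier to review as one item than as dozens of separate lines.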

jonas_wagener

Do I have to update Internet Explorer if I use Firefox?

gandal

Yes, IE should always be kept updated, since many programs build on the functions of its libraries.
Outlook Express, Help, ...
         